The Hacker News
Cybersecurity researchers have disclosed two security flaws in Wondershare RepairIt that exposed private user data and potentially exposed the system to artificial intelligence (AI) model tampering and supply chain risks.
The critical-rated vulnerabilities in question, discovered by Trend Micro, are listed below -
CVE-2025-10643 (CVSS score: 9.1) - An authentication bypass vulnerability that exists within the permissions granted to a storage account token
CVE-2025-10644 (CVSS score: 9.4) - An authentication bypass vulnerability that exists within the permissions granted to an SAS token
Successful exploitation of the two flaws can allow an attacker to circumvent authentication protection on the system and launch a supply chain attack, ultimately resulting in the execution of arbit
The Conversation
ABC 7 Chicago Politics
WTOP
Page Six
Newsweek Video