
Wondershare RepairIt Flaws Expose User Data and AI Models

Critical security flaws in Wondershare RepairIt software expose sensitive user photos, videos, and company AI models, creating significant supply chain risks.

By Sophia Galloway

Sophia Galloway is a senior technology correspondent for Neurozzio, specializing in cybersecurity, quantum computing, and the impact of emerging technologies on global security infrastructure. Her work focuses on translating complex technical subjects for a professional audience.


Cybersecurity researchers at Trend Micro have identified two critical security vulnerabilities in the Wondershare RepairIt application, a popular AI-powered tool for data repair. The flaws, which carry high severity scores, could allow attackers to access private user data, tamper with the software's AI models, and launch supply chain attacks against its user base.

Key Takeaways

  • Two critical authentication bypass vulnerabilities (CVE-2025-10643 and CVE-2025-10644) were found in Wondershare RepairIt.
  • The flaws expose sensitive user data, including uploaded photos and videos, which were stored without encryption.
  • Company assets such as AI models, source code, and software binaries were also accessible, creating a significant supply chain risk.
  • Trend Micro disclosed the issues in April 2025, but the vendor, Wondershare, has reportedly not responded.

Critical Flaws Found in Data Repair Tool

Researchers from Trend Micro have detailed two severe security issues within the Wondershare RepairIt software. These vulnerabilities stem from insecure development practices that could lead to widespread consequences for users of the application.

Authentication Bypass Vulnerabilities

The core of the problem lies in two specific authentication bypass vulnerabilities. The first, identified as CVE-2025-10643, has a CVSS score of 9.1. The second, CVE-2025-10644, is rated even higher at 9.4. Both relate to permissions granted to cloud storage access tokens.

According to the report, these flaws allow an attacker to bypass security protections. Successful exploitation could enable unauthorized individuals to execute arbitrary code on the computers of the software's customers, effectively taking control of parts of their system through a supply chain attack.

Vulnerability Details

  • CVE-2025-10643 (CVSS 9.1): An authentication bypass flaw related to storage account token permissions.
  • CVE-2025-10644 (CVSS 9.4): A similar authentication bypass vulnerability linked to SAS token permissions.

Sensitive User and Company Data Exposed

The investigation by Trend Micro found that poor security practices led to the inadvertent exposure of a significant amount of sensitive data. Researchers Alfredo Oliveira and David Fiser noted that the application's handling of data contradicted its own privacy policy.

Unencrypted User Files at Risk

A primary concern is the exposure of private user data. The application collected and stored user files, such as personal photos and videos uploaded for repair, without any form of encryption. This lack of basic security makes the data easily accessible to anyone who gains entry to the storage system.

The researchers discovered that overly permissive cloud access tokens were embedded directly into the application's code. These tokens granted both read and write access to the cloud storage where the sensitive user data was held, creating a direct path for potential abuse.

"The AI-powered data repair and photo editing application contradicted its privacy policy by collecting, storing, and, due to weak Development, Security, and Operations (DevSecOps) practices, inadvertently leaking private user data," stated Trend Micro researchers.
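A release-time check for the embedded-token problem described above, as an added example that is not code from the article, Trend Micro, or Wondershare. It scans strings extracted from a build for Azure-style SAS URLs and flags write-capable, broadly scoped, or long-lived tokens; the storage account name, the sample strings, and the 7-day lifetime threshold are constructed assumptions.

```python
import re
from datetime import datetime, timezone
from urllib.parse import urlsplit, parse_qs

# URLs whose query string carries a SAS signature parameter (sig=).
SAS_URL = re.compile(r"""https://[^\s"'<>]+\?[^\s"'<>]*sig=[^\s"'<>]+""")
# SAS permission letters (sp=) that let the holder change stored content.
MUTATING = {"w": "write", "a": "add", "c": "create", "d": "delete"}
MAX_DAYS = 7  # assumed policy threshold for token lifetime

def audit_sas(url, now):
    """Return the findings for one SAS URL; an empty list means none."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    findings = []
    granted = [name for letter, name in MUTATING.items() if letter in q.get("sp", "")]
    if granted:
        findings.append("mutating permissions: " + ", ".join(granted))
    if q.get("sr") == "c" or "srt" in q:
        findings.append("scope is a container or account, not a single blob")
    if "se" not in q:
        findings.append("no expiry time (se)")
    else:
        expiry = datetime.fromisoformat(q["se"].replace("Z", "+00:00"))
        if expiry.tzinfo is None:
            expiry = expiry.replace(tzinfo=timezone.utc)
        if (expiry - now).days > MAX_DAYS:
            findings.append(f"expires more than {MAX_DAYS} days out")
    return findings

def scan(text, now):
    """Map every SAS URL found in text to its findings."""
    return {url: audit_sas(url, now) for url in SAS_URL.findall(text)}

# Constructed sample: strings as they might be extracted from a shipped binary.
NOW = datetime(2025, 9, 1, tzinfo=timezone.utc)
SAMPLE = '''
upload_endpoint="https://exampleacct.blob.core.windows.net/uploads?sv=2022-11-02&sr=c&sp=rw&se=2035-01-01T00:00:00Z&sig=CONSTRUCTED"
model_url="https://exampleacct.blob.core.windows.net/models/m.onnx?sv=2022-11-02&sr=b&sp=r&se=2025-09-02T00:00:00Z&sig=CONSTRUCTED"
'''

if __name__ == "__main__":
    for url, findings in scan(SAMPLE, NOW).items():
        print(url.split("?")[0], findings or "ok")
```

Any non-empty result for a string that ships to end users is a reason to fail the build, since a token in a client binary is readable by everyone who installs it.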

Broader Supply Chain Implications

The security lapse extended beyond user data. The exposed cloud storage also contained critical company assets, including the AI models that power the software, software binaries for other Wondershare products, container images, scripts, and even company source code.

This level of exposure creates a severe supply chain risk. An attacker could potentially tamper with the AI models or the software executables stored in the cloud. Since the application automatically downloads and runs these AI models, users could unknowingly receive and execute malicious code.

"Because the binary automatically retrieves and executes AI models from the unsecure cloud storage, attackers could modify these models or their configurations and infect users unknowingly," the researchers explained. "Such an attack could distribute malicious payloads to legitimate users through vendor-signed software updates or AI model downloads."
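The mitigation side of the model-tampering risk quoted above, as an added example that is not the vendor's code or Trend Micro's. It compares two integrity checks against storage whose contents have been rewritten: one that trusts a manifest kept in the same bucket, and one that uses a digest pinned inside the signed client. The model name `repair.onnx`, the byte strings, and the pinning design are constructed assumptions.

```python
import hashlib
import hmac

def digest(blob):
    return hashlib.sha256(blob).hexdigest()

# Constructed stand-ins for a released model and a modified replacement.
RELEASED = b"constructed-model-bytes-v1"
MODIFIED = b"constructed-model-bytes-v1-with-extra-payload"

# Assumed design: digests are compiled into the signed client at build time.
PINNED = {"repair.onnx": digest(RELEASED)}  # hypothetical model name

def check_bucket_manifest(name, blob, bucket):
    """Weak: the manifest lives in the same storage the token can write to."""
    return bucket["manifest"].get(name) == digest(blob)

def check_pinned(name, blob, bucket=None):
    """Strong: the expected digest cannot be changed through storage access."""
    expected = PINNED.get(name)
    return expected is not None and hmac.compare_digest(expected, digest(blob))

def load_model(bucket, name, check):
    """Return the model bytes only if the chosen check accepts them."""
    blob = bucket["objects"][name]
    if not check(name, blob, bucket):
        raise ValueError(f"integrity check failed for {name}")
    return blob

def bucket_with(blob):
    """Storage state in which the object and its manifest entry agree."""
    return {"objects": {"repair.onnx": blob},
            "manifest": {"repair.onnx": digest(blob)}}

def accepted(bucket, check):
    """True if load_model would hand the object to the application."""
    try:
        load_model(bucket, "repair.onnx", check)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    for label, blob in (("released", RELEASED), ("modified", MODIFIED)):
        b = bucket_with(blob)
        print(label, accepted(b, check_bucket_manifest), accepted(b, check_pinned))
```

The bucket-hosted manifest accepts the modified object because whoever can write the model can also rewrite its manifest entry; only the reference held outside the writable storage rejects it.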

Vendor Response and User Recommendations

Trend Micro stated that it responsibly disclosed the vulnerabilities through its Zero Day Initiative (ZDI) program in April 2025. However, despite multiple attempts to contact Wondershare, the cybersecurity firm has not received a response from the vendor.

Disclosure Timeline

The vulnerabilities were first reported to Wondershare in April 2025. As of the publication of Trend Micro's findings, no patch has been released, and the vendor has not publicly acknowledged the issues.

Due to the lack of a fix and the severity of the risks, Trend Micro has advised users to "restrict interaction with the product" until a patch is made available. The potential consequences of continued use range from intellectual property theft and data exposure to regulatory penalties for the company and a significant erosion of consumer trust.

The Growing Challenge of AI Security

This incident highlights a broader trend in the software industry, where the rapid integration of AI features can sometimes outpace security considerations. The rush to bring innovative products to market can lead to overlooked security implications, as seen with the hardcoded, overly permissive tokens in the RepairIt application.

Risks of Unsecured AI Infrastructure

Security experts have increasingly warned about the dangers of unsecured AI components. Trend Micro previously cautioned against exposing Model Context Protocol (MCP) servers without proper authentication. These servers often act as a gateway to sensitive data sources like databases and cloud services, making them a prime target for attackers.

Similarly, research from Kaspersky demonstrated how MCP servers installed from untrusted sources could be used to conduct reconnaissance and exfiltrate data under the guise of a legitimate AI tool. This is because such tools often require extensive permissions to operate on a user's machine.

New Attack Vectors in AI Systems

The rapid adoption of AI has introduced novel attack vectors that security teams are still learning to mitigate. These include:

  • Indirect Prompt Injection: As detailed by Palo Alto Networks Unit 42, attackers can embed malicious instructions within external data sources. When an AI assistant processes this tainted data, it can be tricked into performing unintended actions, such as leaking information or injecting malicious code.
  • Lies-in-the-Loop (LitL) Attacks: Research from Checkmarx described this technique, where an attacker deceives an AI agent into presenting malicious actions as safe to a human supervisor. The agent effectively becomes an accomplice, bypassing human-in-the-loop safety checks.

The vulnerabilities in Wondershare RepairIt serve as a practical example of how foundational security principles—such as secure credential storage and data encryption—are critical in the age of AI. As organizations continue to integrate AI into their products, implementing robust security processes throughout the development lifecycle is essential to protect both user data and the integrity of the software supply chain.