CVE-2025-10643CRITICAL 9.1EPSS p84.7%

CVE-2025-10643CVE-2025-10643

Description

Wondershare Repairit Incorrect Permission Assignment Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Wondershare Repairit. Authentication is not required to exploit this vulnerability. The specific flaw exists within the permissions granted to a storage account token. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26902.

Scoring

CVSS 3.09.1 (CRITICAL)
VectorCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS2.82% probability of exploitation · percentile 84.7% · 2026-06-19T12:03:05Z
Published2025-09-17
Last modified2025-09-19

Underlying weaknesses· 1

CWE-732

References

  1. https://www.zerodayinitiative.com/advisories/ZDI-25-895/

1

TypeTargetConfidenceTier
WeaknessIncorrect Permission Assignment for Critical Resourcecwe-7320%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-10644
CVE
CVE-2025-50901
CVE
CVE-2025-40554
CVE
CVE-2025-30398
CVE
CVE-2026-10523
CVE
CVE-2025-55187
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.