Cybersecurity researchers have discovered two severe authentication bypass vulnerabilities in Wondershare RepairIt, an AI-powered data repair and photo editing application.
Identified as CVE-2025-10643 and CVE-2025-10644, these flaws allow attackers to circumvent authentication protections by exploiting overly permissive cloud storage tokens embedded in the software. Successful exploitation could lead to arbitrary code execution on user endpoints and create opportunities for supply chain attacks, putting both private user data and company assets at risk.
Trend Micro researchers noted that weak development and security practices contributed to the vulnerabilities. User data—including uploaded images and videos—was stored without encryption, while cloud tokens embedded in the application provided read and write access to sensitive storage. The exposed storage also contained AI models, software binaries, container images, scripts, and source code, leaving the system vulnerable to tampering that could allow malicious payloads to be distributed through legitimate-looking software updates or AI model downloads.
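The root cause described above, a cloud storage credential shipped inside the client binary, is the kind of defect a release gate can catch before a build leaves CI. The following is an added example, not code from Wondershare, Trend Micro or the RepairIt product: it scans a build artifact for credential-shaped strings and refuses to ship it if any are found. The token formats are well-known public shapes (not the actual tokens from this disclosure), the entropy threshold is an assumption, and the sample artifacts are constructed for the example.

```python
"""Release-gate scan for credentials embedded in a build artifact.

Added example, not the vendor's or the researchers' code. It flags strings
shaped like cloud access tokens so that a token granting storage read/write
access never ships inside a client package.
"""
import math
import re
from collections import Counter
from dataclasses import dataclass

# Illustrative, publicly documented token shapes. These are NOT the
# credentials from the RepairIt disclosure; they show what a scan looks for.
TOKEN_PATTERNS = {
    "aws_access_key_id": re.compile(rb"AKIA[0-9A-Z]{16}"),
    "google_api_key": re.compile(rb"AIza[0-9A-Za-z_\-]{35}"),
}

# Fallback for credentials without a fixed prefix: a secret-looking
# key=value pair whose value is long and high-entropy.
KV_SECRET = re.compile(
    rb"(?i)(?:secret|token|password|key)[A-Za-z0-9_]*\s*[=:]\s*([A-Za-z0-9+/=_\-]{32,})"
)
ENTROPY_THRESHOLD = 4.0  # bits per byte; an assumed, tunable cut-off


@dataclass(frozen=True)
class Finding:
    kind: str
    offset: int
    preview: str  # truncated so the report itself does not leak the secret


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte of the given value."""
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def _preview(raw: bytes) -> str:
    return raw[:6].decode("ascii", "replace") + "..."


def scan_artifact(blob: bytes) -> list[Finding]:
    """Return every credential-like string found in the artifact, ordered by offset."""
    findings = []
    for kind, pattern in TOKEN_PATTERNS.items():
        for m in pattern.finditer(blob):
            findings.append(Finding(kind, m.start(), _preview(m.group(0))))
    for m in KV_SECRET.finditer(blob):
        value = m.group(1)
        if shannon_entropy(value) >= ENTROPY_THRESHOLD:
            findings.append(Finding("high_entropy_secret", m.start(1), _preview(value)))
    return sorted(findings, key=lambda f: f.offset)


def release_gate(blob: bytes) -> bool:
    """True if the artifact may ship; False if any credential-like string is embedded."""
    return not scan_artifact(blob)


# Constructed sample artifacts: a few bytes of fake binary header followed by an
# embedded client config block, the way a packaged installer might carry one.
# The key values are the well-known placeholders from public AWS documentation.
LEAKY_ARTIFACT = (
    b"\x7fELF\x02\x01\x01" + b"\x00" * 9
    + b"[cloud]\n"
    + b"bucket=example-bucket\n"
    + b"access_key=AKIAIOSFODNN7EXAMPLE\n"
    + b"secret_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"
)
CLEAN_ARTIFACT = (
    b"\x7fELF\x02\x01\x01" + b"\x00" * 9
    + b"[cloud]\nendpoint=https://storage.example.invalid\nbucket=example-bucket\n"
)

if __name__ == "__main__":
    for name, blob in (("leaky", LEAKY_ARTIFACT), ("clean", CLEAN_ARTIFACT)):
        print(f"{name}: ship={release_gate(blob)}")
        for f in scan_artifact(blob):
            print(f"  {f.kind} at offset {f.offset}: {f.preview}")
```

Run as a CI step on the packaged installer and fail the pipeline when `release_gate` returns False. The scan only decides whether a credential is present; the more important fix is structural, as the article implies: clients should talk to a backend that holds the storage credential and issues short-lived, least-privilege access, rather than carrying a long-lived read/write token themselves.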
These vulnerabilities highlight broader risks in AI and enterprise software. Experts from Trend Micro, Kaspersky, and Palo Alto Networks have warned that exposed AI servers, container registries, and coding assistants can be exploited through techniques such as indirect prompt injection and “lies-in-the-loop” attacks. These methods allow attackers to manipulate AI tools into executing malicious code, leaking sensitive information, or bypassing human oversight, creating new vectors for enterprise attacks when AI adoption outpaces security measures.
Trend Micro disclosed the flaws through its Zero Day Initiative in April 2025, but the vendor has yet to respond. Users are advised to limit interaction with the software until patches are available. The incidents underscore the importance of robust security practices throughout development pipelines, especially as AI adoption grows, to prevent exposure of sensitive data, intellectual property, and AI models while maintaining consumer trust.