Security Breaches Found in AI-Powered Repair Tool Wondershare RepairIt
Cybersecurity researchers have revealed two critical flaws in Wondershare RepairIt, an AI-powered repair tool used by millions, that open the door to massive supply chain attacks.
Trend Micro disclosed the details last week, and says RepairIt “contradicted its privacy policy by collecting, storing, and, due to weak Development, Security, and Operations (DevSecOps) practices, inadvertently leaking private user data.”
The vulnerabilities carry CVSS scores of 9.1 and 9.4, which are among the worst seen in consumer AI apps this year. RepairIt was keeping user files in unsecured cloud storage without encryption, despite explicitly assuring users their data would not be stored at all.
This is a potential catastrophe because of the attack path. Because RepairIt automatically pulls AI models from the compromised cloud storage, attackers could swap or tweak those models and quietly infect users. The reality is that one update could lead to countless victims.
A data betrayal
The investigation uncovered a violation of trust that goes way beyond sloppy security. While RepairIt’s privacy policy promises user data will not be stored, Trend Micro researchers discovered the application did the opposite.
Developers hardcoded overly permissive cloud access tokens directly into the application’s source code, granting read and write access to sensitive cloud storage. Making matters worse, all collected data was stored without encryption, which meant anyone with basic technical skills could get in.
The exposed cloud storage held far more than user files. Trend Micro researchers discovered that it also housed AI models, software binaries for various Wondershare products, container images, scripts, and company source code. That mix is a perfect recipe for supply chain attacks that could ripple across the Wondershare ecosystem and hit millions of users.
Supply chain attack
This goes well beyond data exposure; it is a textbook example of how AI applications can be flipped into weapons for large-scale cyberattacks. Since RepairIt automatically retrieves and executes AI models from the unsecured cloud storage, attackers could alter those models or their configurations and infect users without a hint.
Successful exploitation of these vulnerabilities, designated CVE-2025-10643 and CVE-2025-10644, lets attackers bypass authentication and launch supply chain attacks, ultimately achieving arbitrary code execution on customers’ devices. From there, malicious payloads could be distributed to legitimate users through vendor-signed software updates or AI model downloads.
The timeline makes it worse. The vulnerabilities were responsibly disclosed through Trend Micro’s Zero Day Initiative five months ago in April, and then published on its blog last week, yet Wondershare has not responded despite repeated contact attempts. The CVE assignments were published on September 17, which means five months of silence, raising serious questions about the company’s commitment to user safety.
At the time of writing, there is no information on Wondershare’s website about this matter.
Emergency action required for AI security
With no fix from Wondershare, security experts are urging users to stop using the product immediately. The case underscores how AI-powered apps, with complex infrastructure and heavy data handling, make tempting targets for sophisticated attacks.
The discovery lands at a tense moment for AI security. Earlier this month, DeepSeek became the first major AI company to publish peer-reviewed research on safety risks in AI models, and Trend Micro previously warned about exposing Model Context Protocol servers without authentication, risks that threat actors exploit to access cloud resources or inject malicious code.
The implications for the AI industry are stark. As AI apps weave deeper into daily workflows, the stakes rise. This breach shows how trusted software can turn into a gateway for massive data exposure and high-impact supply chain attacks.
If you are running Wondershare RepairIt, take the simple step now: stop using it until the vendor addresses these critical vulnerabilities. Five months of silence after disclosure is not a good look, and it does not inspire confidence in the company’s approach to user security or responsible development.
About Author
