CVE-2025-10560— Worksnaps客户端应用二进制文件中硬编码的云端凭据导致生产环境云资源暴露漏洞
影响版本矩阵 1
| 厂商 | 产品 | 版本范围 | 状态 |
|---|---|---|---|
| Silver Leaf Technologies, Inc. | Worksnaps.net Worksnaps | Worksnaps before 1.6.20260201 | affected |
获取后续新漏洞提醒登录后订阅
一、 漏洞 CVE-2025-10560 基础信息
漏洞信息
对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗ 尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Hardcoded cloud credentials in Worksnaps client application binaries expose production cloud resources
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
Worksnaps before version 1.6.20260201 contains hardcoded cloud credentials and related secret material in the Worksnaps client application binaries. The exposed credentials included AWS access keys, S3 bucket names, and related cloud access information. The originally exposed AWS credentials authenticated as the AWS account root identity and provided access to Worksnaps production cloud resources, including S3 buckets containing sensitive data such as screenshots of user desktops. An attacker with access to the affected client binaries could extract or recover the credentials and use them to access affected Worksnaps cloud resources.
来源: 美国国家漏洞数据库 NVD
CVSS Information
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
使用硬编码的凭证
来源: 美国国家漏洞数据库 NVD
受影响产品
| 厂商 | 产品 | 影响版本 | CPE | 订阅 |
|---|---|---|---|---|
| Silver Leaf Technologies, Inc. | Worksnaps.net Worksnaps | Worksnaps before 1.6.20260201 | - |
二、漏洞 CVE-2025-10560 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|
AI 生成 POC高级
未找到公开 POC。
登录以生成 AI POC三、漏洞 CVE-2025-10560 的情报信息
请登录查看更多情报信息。
CVE-2025-10560 厂商安全公告 (1)
CVE-2025-10560 其他参考 (1)
IV. Related Vulnerabilities
V. Comments for CVE-2025-10560
暂无评论