CVE-2025-10560

PUBLISHED
Published: 18 Jun 2026, 08:32
Last modified:18 Jun 2026, 12:38

Vulnerability Summary

Overall Risk (default)
high
70/100
CVSS Score
9.3 CRITICAL
v4.0 (cve.org)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

18 Jun 2026, 08:32
Published
Vulnerability first disclosed
18 Jun 2026, 12:38
Last Modified
Vulnerability information updated

Description

Worksnaps before version 1.6.20260201 contains hardcoded cloud credentials and related secret material in the Worksnaps client application binaries. The exposed credentials included AWS access keys, S3 bucket names, and related cloud access information. The originally exposed AWS credentials authenticated as the AWS account root identity and provided access to Worksnaps production cloud resources, including S3 buckets containing sensitive data such as screenshots of user desktops. An attacker with access to the affected client binaries could extract or recover the credentials and use them to access affected Worksnaps cloud resources.

CVSS Metrics

  • v4.0CRITICALScore: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H

Techniques & Countermeasures

  • CWE-798Use of Hard-coded Credentials

    The product contains hard-coded credentials, such as a password or cryptographic key.

Affected Systems

  • silver leaf technologies, inc.worksnaps.net worksnaps

    Worksnaps before 1.6.20260201

References (2)