Hardcoded cloud credentials in Worksnaps client application binaries expose production...

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H

Description

Worksnaps before version 1.6.20260201 contains hardcoded cloud credentials and related secret material in the Worksnaps client application binaries. The exposed credentials included AWS access keys, S3 bucket names, and related cloud access information. The originally exposed AWS credentials authenticated as the AWS account root identity and provided access to Worksnaps production cloud resources, including S3 buckets containing sensitive data such as screenshots of user desktops. An attacker with access to the affected client binaries could extract or recover the credentials and use them to access affected Worksnaps cloud resources.

Basic Information

ID CVE-2025-10560

Source SEC-VLab

Published Jun 18, 2026 at 08:32

Modified Jun 18, 2026 at 12:38

Affected Product

Vendor Silver Leaf Technologies, Inc.

Product Worksnaps.net Worksnaps

Version Worksnaps before 1.6.20260201

Affected Versions Silver Leaf Technologies, Inc. Worksnaps.net Worksnaps Worksnaps before 1.6.20260201

CWE Classification

CWE-798

References

{
    "lastseen": "",
    "description": "Worksnaps before version 1.6.20260201 contains hardcoded cloud credentials and related secret material in the Worksnaps client application binaries. The exposed credentials included AWS access keys, S3 bucket names, and related cloud access information. The originally exposed AWS credentials authenticated as the AWS account root identity and provided access to Worksnaps production cloud resources, including S3 buckets containing sensitive data such as screenshots of user desktops. An attacker with access to the affected client binaries could extract or recover the credentials and use them to access affected Worksnaps cloud resources.",
    "published": "2026-06-18T08:32:14.717Z",
    "modified": "2026-06-18T12:38:58.358Z",
    "type": "cve",
    "title": "Hardcoded cloud credentials in Worksnaps client application binaries expose production cloud resources",
    "source": "SEC-VLab",
    "references": "https://r.sec-consult.com/worksnaps\nhttps://www.worksnaps.net/www/download.shtml",
    "id": "CVE-2025-10560",
    "bulletinFamily": "",
    "cwe": [
        "CWE-798"
    ],
    "cvelist": null,
    "sourceData": "Silver Leaf Technologies, Inc. Worksnaps.net Worksnaps Worksnaps before 1.6.20260201",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Worksnaps.net Worksnaps",
    "version": "Worksnaps before 1.6.20260201",
    "vendor": "Silver Leaf Technologies, Inc.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Hardcoded cloud credentials in Worksnaps client application binaries expose production cloud resources_CVE-2025-10560