CVE-2025-10560

UNKNOWN 0.0

Hardcoded cloud credentials in Worksnaps client application binaries expose production cloud resources

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Worksnaps before version 1.6.20260201 contains hardcoded cloud credentials and related secret material in the Worksnaps client application binaries. The exposed credentials included AWS access keys, S3 bucket names, and related cloud access information. The originally exposed AWS credentials authenticated as the AWS account root identity and provided access to Worksnaps production cloud resources, including S3 buckets containing sensitive data such as screenshots of user desktops. An attacker with access to the affected client binaries could extract or recover the credentials and use them to access affected Worksnaps cloud resources.

CWE	CWE-798
Vendor	silver leaf technologies, inc.
Product	worksnaps.net worksnaps
Published	Jun 18, 2026

Stay Ahead of the Next One

Get instant alerts for silver leaf technologies, inc. worksnaps.net worksnaps

Be the first to know when new unknown vulnerabilities affecting silver leaf technologies, inc. worksnaps.net worksnaps are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Silver Leaf Technologies, Inc. / Worksnaps.net Worksnaps

Worksnaps before 1.6.20260201

References

NVD ↗ CVE.org ↗ EPSS Data ↗

r.sec-consult.com: https://r.sec-consult.com/worksnaps worksnaps.net: https://www.worksnaps.net/www/download.shtml

Credits

Thorger Jansen, SEC Consult Vulnerability Lab Daniel Hirschberger, SEC Consult Vulnerability Lab Tobias Niemann, SEC Consult Vulnerability Lab Marius Renner, SEC Consult Vulnerability Lab