Hardcoded Cloud Credentials in Worksnaps Client Application
CVE-2025-10560

9.3 CRITICAL

What is CVE-2025-10560?

The Worksnaps Client application prior to version 1.6.20260201 contains hardcoded cloud credentials in its binaries. These credentials, including AWS access keys and S3 bucket names, allow unauthorized access to sensitive data stored in Worksnaps' production cloud, such as user desktop screenshots. An attacker could extract the credentials from the application binaries and gain access to critical cloud resources, potentially leading to significant data breaches. To mitigate this risk, users are encouraged to update their Worksnaps Client application to the latest version.
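For vendors shipping client software, a release gate can catch this class of flaw before a build leaves the pipeline. The following is an added example, not code from the advisory or from Worksnaps: it scans build artifacts for strings shaped like AWS access key IDs, in both ASCII and UTF-16LE form. The function names are hypothetical, the key ID shape (an `AKIA` or `ASIA` prefix plus 16 uppercase letters or digits) is an assumption about how the embedded keys look, and the sample bytes are constructed around AWS's documentation placeholder key.

```python
import re
import sys

# Assumed key ID shape: "AKIA" (long-term) or "ASIA" (temporary) followed by
# 16 uppercase letters or digits, not embedded in a longer alphanumeric run.
_KEY_ASCII = re.compile(rb"(?<![A-Z0-9])A[KS]IA[A-Z0-9]{16}(?![A-Z0-9])")
# Windows binaries often store string literals as UTF-16LE (each ASCII byte
# followed by NUL); an ASCII-only search misses those copies.
_KEY_UTF16 = re.compile(
    rb"(?<![A-Z0-9]\x00)A\x00[KS]\x00I\x00A\x00(?:[A-Z0-9]\x00){16}(?![A-Z0-9]\x00)"
)


def _redact(key_id: str) -> str:
    """Keep prefix and last four characters so findings are safe to log."""
    return key_id[:4] + "*" * 12 + key_id[-4:]


def find_access_key_ids(data: bytes):
    """Return sorted (offset, encoding, redacted_id) for key-shaped strings."""
    hits = []
    for m in _KEY_ASCII.finditer(data):
        hits.append((m.start(), "ascii", _redact(m.group().decode("ascii"))))
    for m in _KEY_UTF16.finditer(data):
        hits.append((m.start(), "utf-16le", _redact(m.group().decode("utf-16-le"))))
    return sorted(hits)


def scan_file(path: str):
    """Scan one build artifact from disk."""
    with open(path, "rb") as fh:
        return find_access_key_ids(fh.read())


# Constructed sample: padding bytes around AWS's documentation placeholder key,
# once as ASCII and once as UTF-16LE, plus a too-short decoy.
SAMPLE = (b"\x00\x01cfg\x00" + b"AKIAIOSFODNN7EXAMPLE" + b"\x00\xff"
          + "ASIAIOSFODNN7EXAMPLE".encode("utf-16-le") + b"\x00\x00AKIA1234\x00")

if __name__ == "__main__":
    failed = False
    for path in sys.argv[1:]:
        for offset, enc, key in scan_file(path):
            print(f"{path}: offset {offset:#x} ({enc}): {key}")
            failed = True
    sys.exit(1 if failed else 0)  # non-zero exit fails the release job
```

A match only shows that a key-ID-shaped string is present; the secret key and bucket names need separate review, and any key that did ship should be treated as compromised and rotated.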

Affected Version(s)

Worksnaps.net Worksnaps Worksnaps before 1.6.20260201

CVSS V4

Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Thorger Jansen, SEC Consult Vulnerability Lab
Daniel Hirschberger, SEC Consult Vulnerability Lab
Tobias Niemann, SEC Consult Vulnerability Lab
Marius Renner, SEC Consult Vulnerability Lab