CVE-2025-3047


When the AWS Serverless Application Model Command Line Interface (SAM CLI) build process is run with Docker and the build files include symlinks, the container environment allows a user to access privileged files on the host by leveraging the elevated permissions granted to the tool. A user could use those elevated permissions to access restricted files via symlinks and copy them to a more permissive location on the container. Users should upgrade to v1.133.0 or newer and ensure any forked or derivative code is patched to incorporate the new fixes.


Published

2025-03-31T16:15:27.683

Last Modified

2025-10-14T20:15:36.377

Status

Awaiting Analysis

Source

ff89ba41-3aa1-4d27-914a-91399e9639e5

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-61

Affected Vendors & Products

-

