PT-2025-13790 · Amazon Web Services · Aws Sam Cli
Published 2025-03-31 · Updated 2025-03-31 · CVE-2025-3047
CVSS v4.0: 6.9 (Medium)
| Vector | AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
AWS Serverless Application Model Command Line Interface (SAM CLI) versions prior to 1.133.0
Description
The issue arises when the SAM CLI build process is run with Docker and the build files include symlinks. Because the tool runs with elevated permissions, a symlink that points outside the build directory lets a user read privileged files on the host. A user could exploit this to access restricted files through such symlinks and copy them to a more permissive location in the container.
Recommendations
For versions prior to 1.133.0, upgrade to v1.133.0 or newer and ensure any forked or derivative code is patched to incorporate the new fixes.
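As a defensive pre-build check, the script below walks a build directory and reports every symlink whose resolved target lies outside that directory (or is dangling), which is the condition the description above relies on. It is an added example, not code from AWS or from the SAM CLI project; the sample tree it builds under a temporary directory (`app.py`, `vendor/`, an internal `lib` link and an escaping `secret` link) is constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


def find_escaping_symlinks(build_root):
    """Return [(link_path, resolved_target)] for every symlink under build_root
    whose resolved target is outside build_root. Dangling links and link loops
    are reported with target None so they are not silently passed to a build."""
    root = Path(build_root).resolve()
    findings = []
    # followlinks=False: symlinked directories are listed but never descended,
    # so a link to "/" cannot turn the walk into a scan of the whole host.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            entry = Path(dirpath) / name
            if not entry.is_symlink():
                continue
            try:
                target = entry.resolve(strict=True)
            except (OSError, RuntimeError):
                findings.append((entry, None))  # dangling or circular link
                continue
            # A target is "inside" only if it is root itself or has root as an ancestor.
            if target != root and root not in target.parents:
                findings.append((entry, target))
    return findings


def run_demo():
    """Build a constructed sample tree and return the names (relative to the
    build root) of symlinks that escape it."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        # Constructed stand-in for a sensitive host file outside the build root.
        outside = tmp / "host_secret.txt"
        outside.write_text("not for the build\n")

        build = tmp / "build"
        (build / "vendor").mkdir(parents=True)
        (build / "app.py").write_text("print('hello')\n")
        (build / "vendor" / "util.py").write_text("X = 1\n")
        os.symlink("vendor", build / "lib")               # stays inside: fine
        os.symlink("../host_secret.txt", build / "secret")  # escapes: flagged

        escaped = find_escaping_symlinks(build)
        return sorted(str(link.relative_to(build.resolve())) for link, _ in escaped)


if __name__ == "__main__":
    for name in run_demo():
        print(f"symlink escapes build root: {name}")
```

Run it against the real build directory (the one handed to `sam build`) before invoking the build; any reported entry should be removed or replaced with a copy of the intended file rather than passed to a container build.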
Fix
LPE
Path traversal
Related Identifiers
Affected Products
Aws Sam Cli