PT-2025-41169 · Amazon Web Services · Aws Vpn Client For Macos

Published: 2025-10-07 · Updated: 2025-11-14 · CVE-2025-11462

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

AWS VPN Client for macOS versions 1.3.2 through 5.2.0

Description

A flaw exists in the AWS VPN Client for macOS that allows a local user to execute code with elevated privileges. Insufficient validation of the log destination directory during log rotation can allow a non-administrator user to create a symbolic link from a client log file to a privileged location. During log rotation, this could lead to code execution with root privileges if the user makes crafted API calls to inject arbitrary code into the log file. The issue involves improper link resolution before file access.

Recommendations

Upgrade to AWS VPN Client for macOS version 5.2.1 or the latest version.
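
The description attributes the flaw to a log destination that is used during rotation without validating the directory or resolving links safely. The following is an added example of how a privileged log writer can guard against that weakness class; it is not AWS code or the vendor's fix, and the names `open_log_safely`, `UnsafeLogPath` and `trusted_uid` are hypothetical.

```python
import os
import stat


class UnsafeLogPath(Exception):
    """The log directory or file could be controlled by an untrusted user."""


def open_log_safely(log_dir, name, trusted_uid):
    """Return an append-only fd for log_dir/name, or raise UnsafeLogPath.

    trusted_uid (assumption): the account the rotating service runs as.
    """
    if os.sep in name or name in ("", ".", ".."):
        raise UnsafeLogPath("log name must be a single path component")
    try:
        # O_NOFOLLOW: refuse log_dir itself if its last component is a symlink.
        dir_fd = os.open(log_dir, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    except OSError as exc:
        raise UnsafeLogPath(f"cannot open log directory: {exc}") from exc
    try:
        d = os.fstat(dir_fd)
        # Anyone who can write the directory can replace entries with links.
        if d.st_uid != trusted_uid or d.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            raise UnsafeLogPath("log directory is writable by untrusted users")
        flags = os.O_WRONLY | os.O_APPEND | os.O_CREAT | os.O_NOFOLLOW
        try:
            # Resolve name against the checked directory fd, not a path string.
            fd = os.open(name, flags, 0o600, dir_fd=dir_fd)
        except OSError as exc:
            raise UnsafeLogPath(f"refusing log file: {exc}") from exc
        f = os.fstat(fd)
        # Check the opened object: regular file, one name, owned by service.
        if not stat.S_ISREG(f.st_mode) or f.st_nlink != 1 or f.st_uid != trusted_uid:
            os.close(fd)
            raise UnsafeLogPath("log file is not a private regular file")
        return fd
    finally:
        os.close(dir_fd)
```

`O_NOFOLLOW` only covers the final path component, so the parent directories of `log_dir` must also be writable only by trusted accounts.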

Fix

LPE

Link Following


Weakness Enumeration

Related Identifiers

BDU:2025-13127
CVE-2025-11462

Affected Products

Aws Vpn Client For Macos