Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2025-3047

Good to know:

icon
icon

Date: March 31, 2025

When running the AWS Serverless Application Model Command Line Interface (SAM CLI) build process with Docker and symlinks are included in the build files, the container environment allows a user to access privileged files on the host by leveraging the elevated permissions granted to the tool. A user could leverage the elevated permissions to access restricted files via symlinks and copy them to a more permissive location on the container. Users should upgrade to v1.133.0 or newer and ensure any forked or derivative code is patched to incorporate the new fixes.

Severity Score

Related Resources (7)

https://nvd.nist.gov/vuln/detail/CVE-2025-3047
https://github.com/aws/aws-sam-cli/security/advisories/GHSA-px37-jpqx-97q9
https://github.com/aws/aws-sam-cli
https://aws.amazon.com/security/security-bulletins/AWS-2025-008
https://github.com/aws/aws-sam-cli/pull/7865
https://aws.amazon.com/security/security-bulletins/AWS-2025-008/
https://www.mend.io/vulnerability-database/CVE-2025-3047

Severity Score

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

Exposure of Sensitive System Information to an Unauthorized Control Sphere

CWE-497

Top Fix

icon

Upgrade Version

Upgrade to version aws-sam-cli - 1.133.0;aws-sam-cli - 1.133.0;aws-sam-cli - 1.133.0;aws-sam-cli - no_fix;https://github.com/aws/aws-sam-cli.git - v1.133.0

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): NONE
Availability (A): NONE

Do you need more information?

Contact Us