Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2025-3048

Good to know:

icon
icon

Date: March 31, 2025

After completing a build with AWS Serverless Application Model Command Line Interface (SAM CLI) which include symlinks, the content of those symlinks are copied to the cache of the local workspace as regular files or directories. As a result, a user who does not have access to those symlinks outside of the Docker container would now have access via the local workspace. Users should upgrade to version 1.134.0 and ensure any forked or derivative code is patched to incorporate the new fixes. After upgrading, users must re-build their applications using the sam build --use-container to update the symlinks.

Severity Score

Related Resources (7)

https://github.com/aws/aws-sam-cli/pull/7890
https://github.com/aws/aws-sam-cli
https://github.com/aws/aws-sam-cli/security/advisories/GHSA-pp64-wj43-xqcr
https://aws.amazon.com/security/security-bulletins/AWS-2025-008
https://aws.amazon.com/security/security-bulletins/AWS-2025-008/
https://nvd.nist.gov/vuln/detail/CVE-2025-3048
https://www.mend.io/vulnerability-database/CVE-2025-3048

Severity Score

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

Exposure of Sensitive System Information to an Unauthorized Control Sphere

CWE-497

Top Fix

icon

Upgrade Version

Upgrade to version aws-sam-cli - 1.134.0;aws-sam-cli - 1.134.0;aws-sam-cli - 1.134.0;aws-sam-cli - no_fix;https://github.com/aws/aws-sam-cli.git - v1.134.0

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): NONE
Availability (A): NONE

Do you need more information?

Contact Us