Amazon Aws
Recent Amazon Aws Security Advisories
| Advisory | Title | Published |
|---|---|---|
| 2026-02-02 | Security Findings in SageMaker Python SDK | February 2, 2026 |
| 2026-01-23 | CVE-2026-1386 - Arbitrary Host File Overwrite via Symlink in Firecracker Jailer | January 23, 2026 |
| 2026-01-15 | Unanchored ACCOUNT_ID webhook filters for CodeBuild | January 15, 2026 |
| 2026-01-09 | CVE-2026-0830 - Command Injection in Kiro GitLab Merge Request Helper | January 9, 2026 |
| 2025-12-17 | Key Commitment Issues in S3 Encryption Clients | December 17, 2025 |
| 2025-12-15 | Overly Permissive Trust Policy in Harmonix on AWS EKS | December 15, 2025 |
| 2025-12-04 | CVE-2025-66478: RCE in React Server Components | December 4, 2025 |
| 2025-11-21 | Call audio termination issue in AWS Wickr desktop clients | November 21, 2025 |
| 2025-11-10 | Privilege Escalation in Aurora PostgreSQL using AWS JDBC Wrapper, AWS Go Wrapper, AWS NodeJS Wrapper, AWS Python Wrapper, AWS PGSQL ODBC driver | November 10, 2025 |
| 2025-11-07 | CVE-2025-12829 - Integer Overflow issue in Amazon Ion-C | November 7, 2025 |
By the Year
In 2026 there have been 4 vulnerabilities in Amazon Aws with an average score of 6.7 out of ten. Last year, in 2025, Aws had 46 security vulnerabilities published. Right now, Aws is on track to have fewer security vulnerabilities in 2026 than it did last year. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.05.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 4 | 6.73 |
| 2025 | 46 | 6.68 |
| 2024 | 21 | 6.82 |
| 2023 | 9 | 7.19 |
| 2022 | 9 | 8.00 |
| 2021 | 4 | 8.83 |
| 2020 | 3 | 7.10 |
It may take a day or so for new Aws vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Amazon Aws Security Vulnerabilities
CVE-2026-1778
5.9 - Medium
- February 02, 2026
Amazon SageMaker Python SDK before v3.1.1 or v2.256.0 disables TLS certificate verification for HTTPS connections made by the service when a Triton Python model is imported, incorrectly allowing for requests with invalid and self-signed certificates to succeed.
Improper Certificate Validation
CVE-2026-1777
7.2 - High
- February 02, 2026
The Amazon SageMaker Python SDK before v3.2.0 and v2.256.0 includes the ModelBuilder HMAC signing key in the cleartext response elements of the DescribeTrainingJob function. A third party with permissions to both call this API and permissions to modify objects in the Training Jobs S3 output location may have the ability to upload arbitrary artifacts which are executed the next time the Training Job is invoked.
Cleartext Transmission of Sensitive Information
CVE-2026-1386
6 - Medium
- January 23, 2026
A UNIX symbolic link following issue in the jailer component in Firecracker version v1.13.1 and earlier and 1.14.0 on Linux may allow a local host user with write access to the pre-created jailer directories to overwrite arbitrary host files via a symlink attack during the initialization copy at jailer startup, if the jailer is executed with root privileges. To mitigate this issue, users should upgrade to version v1.13.2 or 1.14.1 or above.
Symlink following
CVE-2026-0830
7.8 - High
- January 09, 2026
Processing specially crafted workspace folder names could allow for arbitrary command injection in the Kiro GitLab Merge-Request helper in Kiro IDE before version 0.6.18 when opening maliciously crafted workspaces. To mitigate, users should update to the latest version.
Shell injection
Amazon S3 Encryption Client for Go <3.3 key commitment flaw
CVE-2025-14764
5.3 - Medium
- December 17, 2025
Missing cryptographic key commitment in the Amazon S3 Encryption Client for Go may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgrade Amazon S3 Encryption Client for Go to version 4.0 or later.
Use of a Broken or Risky Cryptographic Algorithm
Amazon S3 Encryption Client for Java v<4.0 Key Commitment Vulnerability
CVE-2025-14763
5.3 - Medium
- December 17, 2025
Missing cryptographic key commitment in the Amazon S3 Encryption Client for Java may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgrade Amazon S3 Encryption Client for Java to version 4.0.0 or later.
Use of a Broken or Risky Cryptographic Algorithm
Missing Key Commitment AWS SDK for Ruby <1.208.0 Varying Decryption
CVE-2025-14762
5.3 - Medium
- December 17, 2025
Missing cryptographic key commitment in the AWS SDK for Ruby may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgrade AWS SDK for Ruby to version 1.208.0 or later.
Use of a Broken or Risky Cryptographic Algorithm
AWS SDK for PHP 3.368 Missing key commitment enables EDK injection
CVE-2025-14761
5.3 - Medium
- December 17, 2025
Missing cryptographic key commitment in the AWS SDK for PHP may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgrade AWS SDK for PHP to version 3.368.0 or later.
Use of a Broken or Risky Cryptographic Algorithm
Missing Key Commitment in AWS SDK for C++ (before 1.11.712)
CVE-2025-14760
5.3 - Medium
- December 17, 2025
Missing cryptographic key commitment in the AWS SDK for C++ may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgrade AWS SDK for C++ to version 1.11.712 or later.
Use of a Broken or Risky Cryptographic Algorithm
Amazon S3 Encryption Client .NET Key Commitment Bypass (Prior to 4.0.0)
CVE-2025-14759
5.3 - Medium
- December 17, 2025
Missing cryptographic key commitment in the Amazon S3 Encryption Client for .NET may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgrade Amazon S3 Encryption Client for .NET to version 3.2.0 or later.
Use of a Broken or Risky Cryptographic Algorithm
Harmonix on AWS IAM Trust Exploit v0.3.0 to v0.4.1 Escalation
CVE-2025-14503
7.2 - High
- December 15, 2025
An overly-permissive IAM trust policy in the Harmonix on AWS framework may allow IAM principals in the same AWS account to escalate privileges via role assumption. The sample code for the EKS environment provisioning role is configured to trust the account root principal, which may enable any IAM principal in the same AWS account with sts:AssumeRole permissions to assume the role with administrative privileges. We recommend customers upgrade to Harmonix on AWS v0.4.2 or later if you have deployed the framework using versions v0.3.0 through v0.4.1.
Incorrect Privilege Assignment
RCFC 19.0-19.2 Remote Code Exec via Unsafe Deserialization
CVE-2025-55182
10 - Critical
- December 03, 2025
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.
Audio Leak after Call Termination in AWS Wickr<6.62.13 (Windows/macOS/Linux)
CVE-2025-13524
5.7 - Medium
- November 21, 2025
Improper resource release in the call termination process in AWS Wickr before version 6.62.13 on Windows, macOS and Linux may allow a call participant to continue receiving audio input from another user after they close their call window. This issue occurs under certain conditions, which require the affected user to take a particular action within the application. To mitigate this issue, users should upgrade AWS Wickr, Wickr Gov and Wickr Enterprise desktop version to version 6.62.13.
Improper Resource Shutdown or Release
Privilege Escalation in AWS Aurora PG Wrappers v2.6.5 (RDS Superuser)
CVE-2025-12967
8 - High
- November 10, 2025
An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rds_superuser role. A low privilege authenticated user can create a crafted function that could be executed with permissions of other Amazon Relational Database Service (RDS) users. We recommend customers upgrade to the following versions: AWS JDBC Wrapper to v2.6.5, AWS Go Wrapper to 2025-10-17, AWS NodeJS Wrapper to v2.0.1, AWS Python Wrapper to v1.4.0 and AWS PGSQL ODBC driver to v1.0.1.
Reflection Injection
Amazon Ion-C Uninit Stack Read <1.1.4 (CVE-2025-12829)
CVE-2025-12829
6.2 - Medium
- November 07, 2025
An uninitialized stack read issue exists in Amazon Ion-C versions <v1.1.4 that may allow a threat actor to craft data and serialize it to Ion text in such a way that sensitive data in memory could be exposed through UTF-8 escape sequences. To mitigate this issue, users should upgrade to version v1.1.4.
Out-of-bounds Read
runc: /proc Redirect via Race in 1.2.7-1.4.0-rc.2
CVE-2025-52881
- November 06, 2025
runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.
Symlink following
runc <1.2.8/1.3.3/1.4.0-rc.3: /dev/console Bind-Mount LFI/Container Breakout
CVE-2025-52565
- November 06, 2025
runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the container, an attacker can trick runc into bind-mounting paths which would normally be made read-only or be masked onto a path that the attacker can write to. This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target (namely, the bind-mount of `/dev/pts/$n` to `/dev/console` as configured for all containers that allocate a console). This happens after `pivot_root(2)`, so this cannot be used to write to host files directly -- however, as with CVE-2025-31133, this can lead to denial of service of the host or a container breakout by providing the attacker with a writable copy of `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern` (respectively). This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.
Symlink following
runc CLI BindMount Verification Flaw Exposes Host Escape (1.4.0rc.2)
CVE-2025-31133
- November 06, 2025
runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container's /dev/null) was actually a real /dev/null inode when using the container's /dev/null to mask. This exposes two methods of attack: an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.
Symlink following
AWS RES Virtual Desktop Preview Ownership Verification Flaw (2025.08)
CVE-2025-12815
4.3 - Medium
- November 06, 2025
An ownership verification issue in the Virtual Desktop preview page in the Research and Engineering Studio (RES) on AWS before version 2025.09 may allow an authenticated remote user to view another user's active desktop session metadata, including periodical desktop preview screenshots. To mitigate this issue, users should upgrade to version 2025.09 or above.
Unverified Ownership
Amazon WorkSpaces Linux Client 2023-2024 Auth Token Leak to Local Users
CVE-2025-12779
8.8 - High
- November 05, 2025
Improper handling of the authentication token in the Amazon WorkSpaces client for Linux, versions 2023.0 through 2024.8, may expose the authentication token for DCV-based WorkSpaces to other local users on the same client machine. Under certain circumstances, a local user may be able to extract another local user's authentication token from the shared client machine and access their WorkSpace. To mitigate this issue, users should upgrade to the Amazon WorkSpaces client for Linux version 2025.0 or later.
Exposure of Sensitive System Information to an Unauthorized Control Sphere
FreeRTOS-Plus-TCP UDP/IPv6 IP-Version Bypass due to validation flaw
CVE-2025-11618
4.3 - Medium
- October 10, 2025
A missing validation check in FreeRTOS-Plus-TCP's UDP/IPv6 packet processing code can lead to an invalid pointer dereference when receiving a UDP/IPv6 packet with an incorrect IP version field in the packet header. This issue only affects applications using IPv6. We recommend upgrading to the latest version and ensuring any forked or derivative code is patched to incorporate the new fixes.
NULL Pointer Dereference
FreeRTOS-Plus-TCP IPv6 OOB Read Vulnerability
CVE-2025-11617
5.4 - Medium
- October 10, 2025
A missing validation check in FreeRTOS-Plus-TCP's IPv6 packet processing code can lead to an out-of-bounds read when receiving an IPv6 packet with incorrect payload lengths in the packet header. This issue only affects applications using IPv6. We recommend users upgrade to the latest version and ensure any forked or derivative code is patched to incorporate the new fixes.
Buffer Over-read
FreeRTOS-Plus-TCP ICMPv6 OOB Read Vulnerability
CVE-2025-11616
5.4 - Medium
- October 10, 2025
A missing validation check in FreeRTOS-Plus-TCP's ICMPv6 packet processing code can lead to an out-of-bounds read when receiving ICMPv6 packets of certain message types which are smaller than the expected size. These issues only affect applications using IPv6. Users should upgrade to the latest version and ensure any forked or derivative code is patched to incorporate the new fixes.
Buffer Over-read
Denial of Service via Infinite Loop in Amazon.IonDotNet <1.3.2
CVE-2025-11573
7.5 - High
- October 09, 2025
An infinite loop issue in Amazon.IonDotnet library versions <v1.3.2 may allow a threat actor to cause a denial of service through a specially crafted text input. To mitigate this issue, users should upgrade to version v1.3.2. As of August 20, 2025, this library has been deprecated and will not receive further updates.
Improper Validation of Syntactic Correctness of Input
AWS VPN Client macOS 1.3.2-5.2.0 Log Rotation Symlink Elevation
CVE-2025-11462
7.8 - High
- October 07, 2025
Improper Link Resolution Before File Access in the AWS VPN Client for macOS versions 1.3.2-5.2.0 allows a local user to execute code with elevated privileges. Insufficient validation checks on the log destination directory during log rotation could allow a non-administrator user to create a symlink from a client log file to a privileged location. On log rotation, this could lead to code execution with root privileges if the user made crafted API calls which injected arbitrary code into the log file. We recommend users upgrade to AWS VPN Client for macOS 5.2.1 or the latest version.
insecure temporary file
Amazon ECS Agent <1.97.1: Off-Host Introspection Access via SG
CVE-2025-9039
- August 14, 2025
We identified an issue in the Amazon ECS agent where, under certain conditions, an introspection server could be accessed off-host by another instance if the instances are in the same security group or if their security groups allow incoming connections that include the port where the server is hosted. This issue does not affect instances where the option to allow off-host access to the introspection server is set to 'false'. This issue has been addressed in ECS agent version 1.97.1. We recommend upgrading to the latest version and ensuring any forked or derivative code is patched to incorporate the new fixes. If customers cannot update to the latest AMI, they can modify the Amazon EC2 security groups to restrict incoming access to the introspection server port (51678).
Amazon EMR Secret Agent Exposes Kerb Keytab in /tmp (v7.4 and earlier)
CVE-2025-8904
8.5 - High
- August 13, 2025
Amazon EMR Secret Agent creates a keytab file containing Kerberos credentials. This file is stored in the /tmp/ directory. A user with access to this directory and another account can potentially decrypt the keys and escalate to higher privileges. Users are advised to upgrade to Amazon EMR version 7.5 or higher. For Amazon EMR releases between 6.10 and 7.4, we strongly recommend that you run the bootstrap script and RPM files with the fix provided in the location below.
Storing Passwords in a Recoverable Format
Amazon Q Developer VS Code Extension Code Injection in v1.84.0
CVE-2025-8217
4 - Medium
- July 30, 2025
The Amazon Q Developer Visual Studio Code (VS Code) extension v1.84.0 contains inert, injected code designed to call the Q Developer CLI. The code executes when the extension is launched within the VS Code environment; however the injected code contains a syntax error which prevents it from making a successful API call to the Q Developer CLI. To mitigate this issue, users should upgrade to version v1.85.0. All installations of v1.84.0 should be removed from use.
Embedded Malicious Code
Amazon Cloud Cam SSL Pinning Bypass Enables Arbitrary Network Association
CVE-2025-6031
7.5 - High
- June 12, 2025
Amazon Cloud Cam is a home security camera that was deprecated on December 2, 2022, is end of life, and is no longer actively supported. When a user powers on the Amazon Cloud Cam, the device attempts to connect to a remote service infrastructure that has been deprecated due to end-of-life status. The device defaults to a pairing status in which an arbitrary user can bypass SSL pinning to associate the device to an arbitrary network, allowing for network traffic interception and modification. We recommend customers discontinue usage of any remaining Amazon Cloud Cams.
Operation on a Resource after Expiration or Release
Windows DNS Client Buffer Overflow via LLMNR/mDNS (CVE-2025-5688)
CVE-2025-5688
- June 04, 2025
We have identified a buffer overflow issue allowing out-of-bounds write when processing LLMNR or mDNS queries with very long DNS names. This issue only affects systems using Buffer Allocation Scheme 1 with LLMNR or mDNS enabled. Users should upgrade to the latest version and ensure any forked or derivative code is patched to incorporate the new fixes.
Memory Corruption
Redshift Python Connector 2.1.x SSL cert bypass via BrowserAzureOAuth2
CVE-2025-5279
- May 27, 2025
When the Amazon Redshift Python Connector is configured with the BrowserAzureOAuth2CredentialsProvider plugin, the driver skips the SSL certificate validation step for the Identity Provider. An insecure connection could allow an actor to intercept the token exchange process and retrieve an access token. This issue has been addressed in driver version 2.1.7. Users should upgrade to address this issue and ensure any forked or derivative code is patched to incorporate the new fixes.
Improper Certificate Validation
Amplify Studio: Unvalidated Inputs in amplify-codegen-ui May Allow JS Injection
CVE-2025-4318
- May 05, 2025
The AWS Amplify Studio UI component property expressions in the aws-amplify/amplify-codegen-ui package lack input validation. This could potentially allow an authenticated user who has access to create or modify components to run arbitrary JavaScript code during the component rendering and build process.
Eval Injection
Infinite Loop DoS in Amazon.IonDotnet before 1.3.1 (RawBinaryReader)
CVE-2025-3857
7.5 - High
- April 21, 2025
When reading binary Ion data through Amazon.IonDotnet using the RawBinaryReader class, Amazon.IonDotnet does not check the number of bytes read from the underlying stream while deserializing the binary format. If the Ion data is malformed or truncated, this triggers an infinite loop condition that could potentially result in a denial of service. Users should upgrade to Amazon.IonDotnet version 1.3.1 and ensure any forked or derivative code is patched to incorporate the new fixes.
Infinite Loop
Symlink Cache Exposure in AWS SAM CLI <1.134.0
CVE-2025-3048
6.5 - Medium
- March 31, 2025
After completing a build with AWS Serverless Application Model Command Line Interface (SAM CLI) which includes symlinks, the content of those symlinks is copied to the cache of the local workspace as regular files or directories. As a result, a user who does not have access to those symlinks outside of the Docker container would now have access via the local workspace. Users should upgrade to version 1.134.0 and ensure any forked or derivative code is patched to incorporate the new fixes. After upgrading, users must re-build their applications using `sam build --use-container` to update the symlinks.
Symlink following
AWS SAM CLI v<1.133.0 Symlink Privileged Host File Access via Docker build
CVE-2025-3047
6.5 - Medium
- March 31, 2025
When running the AWS Serverless Application Model Command Line Interface (SAM CLI) build process with Docker and symlinks are included in the build files, the container environment allows a user to access privileged files on the host by leveraging the elevated permissions granted to the tool. A user could leverage the elevated permissions to access restricted files via symlinks and copy them to a more permissive location on the container. Users should upgrade to v1.133.0 or newer and ensure any forked or derivative code is patched to incorporate the new fixes.
Symlink following
Unverified Rollback in Tough Client Before 0.20.0 Allows Wrong Target Fetch
CVE-2025-2887
- March 27, 2025
During a target rollback, the client fails to detect the rollback for delegated targets. This could cause the client to fetch a target from an incorrect source, altering the target contents. Users should upgrade to tough version 0.20.0 or later and ensure any forked or derivative code is patched to incorporate the new fixes.
Comparison Using Wrong Factors
Missing root metadata version validation in Tough (v0.20.0+)
CVE-2025-2885
- March 27, 2025
Missing validation of the root metadata version number could allow an actor to supply an arbitrary version number to the client instead of the intended version in the root metadata file, altering the version fetched by the client. Users should upgrade to tough version 0.20.0 or later and ensure any forked or derivative code is patched to incorporate the new fixes.
Improper Validation of Consistency within Input
tough client flaw: missing delegation termination (<0.20.0)
CVE-2025-2886
- March 27, 2025
Missing validation of terminating delegation causes the client to continue searching the defined delegation list, even after searching a terminating delegation. This could cause the client to fetch a target from an incorrect source, altering the target contents. Users should upgrade to tough version 0.20.0 or later and ensure any forked or derivative code is patched to incorporate the new fixes.
Always-Incorrect Control Flow Implementation
tough v0.20.0: Rollback Timestamp Cache Validation Denial
CVE-2025-2888
- March 27, 2025
During a snapshot rollback, the client incorrectly caches the timestamp metadata. If the client checks the cache when attempting to perform the next update, the update timestamp validation will fail, preventing the next update until the cache is cleared. Users should upgrade to tough version 0.20.0 or later and ensure any forked or derivative code is patched to incorporate the new fixes.
Comparison Using Wrong Factors
Directory Traversal via Admission Controller File Inclusion in ingress-nginx
CVE-2025-24513
4.8 - Medium
- March 25, 2025
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities, limited disclosure of Secret objects from the cluster.
Improper Input Validation
Ingress-Nginx auth-url Annotation RCE Leading to Secrets Exposure
CVE-2025-24514
8.8 - High
- March 25, 2025
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
Improper Input Validation
Ingress-nginx auth-tls-match-cn Injection Enables Code Execution
CVE-2025-1097
8.8 - High
- March 25, 2025
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
Improper Input Validation
Ingress-nginx: Arbitrary Exec via Pod Network in K8s
CVE-2025-1974
9.8 - Critical
- March 25, 2025
A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
Separation of Privilege
ingress-nginx mirror-annotations enable arbitrary config injection & code exec
CVE-2025-1098
8.8 - High
- March 25, 2025
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
Improper Input Validation
AWS CDK CLI <=2.178.1 Credential Leak via Plugin
CVE-2025-2598
5.5 - Medium
- March 21, 2025
When the AWS Cloud Development Kit (AWS CDK) Command Line Interface (AWS CDK CLI) is used with a credential plugin which returns an expiration property with the retrieved AWS credentials, the credentials are printed to the console output. To mitigate this issue, users should upgrade to version 2.178.2 or later and ensure any forked or derivative code is patched to incorporate the new fixes.
Exposure of Sensitive System Information to an Unauthorized Control Sphere
TEAM Improper Input Validation in AWS IAM Identity Center v1.2.2
CVE-2025-1969
4.3 - Medium
- March 04, 2025
Improper request input validation in Temporary Elevated Access Management (TEAM) for AWS IAM Identity Center allows a user to modify a valid request and spoof an approval in TEAM. Upgrade TEAM to the latest release v.1.2.2. Follow the instructions in the updating TEAM documentation for the update process.
Reliance on Untrusted Inputs in a Security Decision
DJL ZipUtils/TarUtils PT Allows File Write
CVE-2025-0851
9.8 - Critical
- January 29, 2025
A path traversal issue in ZipUtils.unzip and TarUtils.untar in Deep Java Library (DJL) on all platforms allows a bad actor to write files to arbitrary locations.
Absolute Path Traversal
Timing-based IAM Username Enumeration in AWS Sign-In Flow
CVE-2025-0693
5.3 - Medium
- January 23, 2025
Variable response times in the AWS Sign-in IAM user login flow allowed for the use of brute force enumeration techniques to identify valid IAM usernames in an arbitrary AWS account.
Observable Response Discrepancy
Amazon WorkSpaces PCoIP MiTM vulnerability
CVE-2025-0501
7.5 - High
- January 15, 2025
An issue in the native clients for Amazon WorkSpaces (when running PCoIP protocol) may allow an attacker to access remote sessions via man-in-the-middle.
Improper Certificate Validation
MitM Remote Session Access in Amazon WorkSpaces DCV & AppStream 2.0
CVE-2025-0500
7.5 - High
- January 15, 2025
An issue in the native clients for Amazon WorkSpaces (when running Amazon DCV protocol), Amazon AppStream 2.0, and Amazon DCV Clients may allow an attacker to access remote sessions via man-in-the-middle.
Improper Certificate Validation