CVE-2025-4318
Input validation issue in AWS Amplify Studio UI component properties
The AWS Amplify Studio UI component property expressions in the aws-amplify/amplify-codegen-ui package lack input validation. This could potentially allow an authenticated user who has access to create or modify components to run arbitrary JavaScript code during the component rendering and build process.
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Affected products
Amazon · Amplify Studio
Public PoCs found: 1
cve_reference: blog.securelayer7.net/cve-2025-4318-aws-amplify-rce/ (not verified)
⚠ Public resources, for assessing the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://aws.amazon.com/security/security-bulletins/AWS-2025-010/
https://blog.securelayer7.net/cve-2025-4318-aws-amplify-rce/
https://github.com/aws-amplify/amplify-codegen-ui/commit/ca98c38b7c3d69ae7c94d2f62b51e32e8165dae6
https://github.com/aws-amplify/amplify-codegen-ui/releases/tag/v2.20.3
https://github.com/aws-amplify/amplify-codegen-ui/security/advisories/GHSA-hf3j-86p7-mfw8