CVE-2025-4318
Input validation issue in AWS Amplify Studio UI component properties
The AWS Amplify Studio UI component property expressions in the aws-amplify/amplify-codegen-ui package lack input validation. This could potentially allow an authenticated user who has access to create or modify components to run arbitrary JavaScript code during the component rendering and build process.
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Affected products
Amazon · Amplify Studio
Public PoCs found: 1
cve_reference: blog.securelayer7.net/cve-2025-4318-aws-amplify-rce/ (unverified)
⚠ Public resources, for you to assess the exposure of systems that you control or are authorized to test. Test only with authorization.
References
https://aws.amazon.com/security/security-bulletins/AWS-2025-010/
https://blog.securelayer7.net/cve-2025-4318-aws-amplify-rce/
https://github.com/aws-amplify/amplify-codegen-ui/commit/ca98c38b7c3d69ae7c94d2f62b51e32e8165dae6
https://github.com/aws-amplify/amplify-codegen-ui/releases/tag/v2.20.3
https://github.com/aws-amplify/amplify-codegen-ui/security/advisories/GHSA-hf3j-86p7-mfw8