CVE-2025-3047— Path Traversal in AWS SAM CLI allows file copy to build container
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-3047
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Path Traversal in AWS SAM CLI allows file copy to build container
Source: NVD (National Vulnerability Database)
Vulnerability Description
When running the AWS Serverless Application Model Command Line Interface (SAM CLI) build process with Docker and symlinks are included in the build files, the container environment allows a user to access privileged files on the host by leveraging the elevated permissions granted to the tool. A user could leverage the elevated permissions to access restricted files via symlinks and copy them to a more permissive location on the container. Users should upgrade to v1.133.0 or newer and ensure any forked or derivative code is patched to incorporate the new fixes.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
CWE-61
Source: NVD (National Vulnerability Database)
Vulnerability Title
AWS SAM CLI 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
AWS SAM CLI是Amazon Web Services开源的一个使用 AWS SAM 构建、测试、调试和部署无服务器应用程序的 CLI 工具。 AWS SAM CLI存在安全漏洞,该漏洞源于符号链接可能导致访问主机特权文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| AWS | AWS Serverless Application Model Command Line Interface | 1.98.0 ~ 1.133.0 | - |
II. Public POCs for CVE-2025-3047
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | Issue with AWS SAM CLI (CVE-2025-3047, CVE-2025-3048) | https://github.com/murataydemir/AWS-SAM-CLI-Vulnerabilities | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-3047
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same vendor: AWS
- CVE-2026-7461
OS Command Injection in Amazon ECS Agent via FSx Windows Fil - CVE-2026-7426
Out-of-Bounds Write via Unsanitized Prefix Length in Router - CVE-2026-7425
Out-of-Bounds Read in Router Advertisement Option Parser in - CVE-2026-7424
Integer Underflow in DHCPv6 Sub-Option Parser in FreeRTOS-Pl - CVE-2026-7423
Integer Underflow in ICMP Echo Reply Processing in FreeRTOS-
Same weakness: CWE-61
- CVE-2026-29203
cPanel 安全漏洞 - CVE-2026-42275
zrok: WebDAV drive backend follows symlinks outside DriveRoo - CVE-2026-31893
Tunnelblick arbitrary file read via symlink following in tun - CVE-2026-7832
IObit Advanced SystemCare Service ASC.exe symlink - CVE-2026-43570
OpenClaw 2026.3.22 < 2026.4.5 - Symlink Traversal in Remote
V. Comments for CVE-2025-3047
No comments yet