- Description
- Improper Link Resolution Before File Access in the AWS VPN Client for macOS versions 1.3.2-5.2.0 allows a local user to execute code with elevated privileges. Insufficient validation checks on the log destination directory during log rotation could allow a non-administrator user to create a symlink from a client log file to a privileged location. On log rotation, this could lead to code execution with root privileges if the user made crafted API calls which injected arbitrary code into the log file. We recommend users upgrade to AWS VPN Client for macOS 5.2.1 or the latest version.
- Source
- ff89ba41-3aa1-4d27-914a-91399e9639e5
- NVD status
- Deferred
CVSS 4.0
- Type
- Secondary
- Base score
- 9.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
CVSS 3.1
- Type
- Secondary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- ff89ba41-3aa1-4d27-914a-91399e9639e5
- CWE-59
- Hype score
- Not currently trending
#VulnerabilityReport #AWS Critical AWS VPN Client Flaw CVE-2025-11462 (CVSS 9.3) Allows Root Privilege Escalation on macOS https://t.co/yIHUhWcRby
@Komodosec
14 Nov 2025
🔍 Latest CVE breakdown available now! Patch now: A critical flaw in AWS VPN for macOS lets attackers escalate to root. Learn how CVE-2025-11462 works and how to defend against it. 🌐 E
@PurpleOps_io
9 Oct 2025
AWS VPN Client Flaw CVE-2025-11462 Grants Unauthenticated Root Access on macOS Systems Read the full report on - https://t.co/527YW2i4J5 https://t.co/yUqfqe28Q9
@cyberbivash
8 Oct 2025
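AWS has disclosed a serious local privilege escalation vulnerability (CVE-2025-11462) in "AWS Client VPN" for macOS. A regular user may be able to obtain root privileges. The cause is that symbolic link operations during log rotation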
@yousukezan
8 Oct 2025
CVE-2025-11462 Improper Link Resolution Before File Access in the AWS VPN Client for macOS versions 1.3.2- 5.2.0 allows a local user to execute code with elevated privileges. Insuff… https://t.co/wqWtRYgDXV
@CVEnew
7 Oct 2025