- Description
- The AWS Amplify Studio UI component property expressions in the aws-amplify/amplify-codegen-ui package lack input validation. This could potentially allow an authenticated user who has access to create or modify components to run arbitrary JavaScript code during the component rendering and build process.
- Source
- ff89ba41-3aa1-4d27-914a-91399e9639e5
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 9.5
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
- ff89ba41-3aa1-4d27-914a-91399e9639e5
- CWE-95
- Hype score
- Not currently trending
🚨 CVE-2025-4318 – Arbitrary Code Execution in AWS Amplify Studio via Expression Injection 🚨 🔴 Urgency Level: Critical https://t.co/0oFj2H4ZJq
@BanCERT_gt
23 May 2025
12 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-4318 ⚠️🔴 CRITICAL (9.5) 🏢 Amazon - Amplify Studio 🏗️ 0.1.0 🔗 https://t.co/pRnyvuvsbr #CyberCron #VulnAlert #InfoSec https://t.co/EXRLmK09dP
@cybercronai
7 May 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-4318: CRITICAL] Warning: Unvalidated input in AWS Amplify Studio UI component expressions may lead to potential code execution by authenticated users. #CyberSecurity #cve, CVE-2025-4318, #cybersecurity https://t.co/J6cSJT4LOA https://t.co/Eo7yM9yijo
@CveFindCom
5 May 2025
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes