CVE-2025-3048

After completing a build with AWS Serverless Application Model Command Line Interface (SAM CLI) which include symlinks, the content of those symlinks are copied to the cache of the local workspace as regular files or directories. As a result, a user who does not have access to those symlinks outside of the Docker container would now have access via the local workspace.

Users should upgrade to version 1.134.0 and ensure any forked or derivative code is patched to incorporate the new fixes. After upgrading, users must re-build their applications using the sam build –use-container to update the symlinks.

Weakness

The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.

Potential Mitigations

• Follow the principle of least privilege when assigning access rights to entities in a software system.
• Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.

Related Attack Patterns

• https://cwe.mitre.org/data/definitions/27.html

References

• https://aws.amazon.com/security/security-bulletins/AWS-2025-008/
• https://github.com/aws/aws-sam-cli/releases/tag/v1.134.0
• https://github.com/aws/aws-sam-cli/security/advisories/GHSA-pp64-wj43-xqcr