CVE-2025-4318

The AWS Amplify Studio UI component property expressions in the aws-amplify/amplify-codegen-ui package lack input validation. This could potentially allow an authenticated user who has access to create or modify components to run arbitrary JavaScript code during the component rendering and build process.

CVSS

No CVSS.

References

Link	Resource
https://aws.amazon.com/security/security-bulletins/AWS-2025-010/
https://blog.securelayer7.net/cve-2025-4318-aws-amplify-rce/
https://blog.securelayer7.net/cve-2025-4318-aws-amplify-rce/
https://github.com/aws-amplify/amplify-codegen-ui/security/advisories/GHSA-hf3j-86p7-mfw8

Configurations

No configuration.

History

10 Jun 2025, 01:15

Type	Values Removed	Values Added
References		() https://github.com/aws-amplify/amplify-codegen-ui/security/advisories/GHSA-hf3j-86p7-mfw8 - () https://blog.securelayer7.net/cve-2025-4318-aws-amplify-rce/ -

05 May 2025, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-05 19:15

Updated : 2025-07-18 17:15

NVD link : CVE-2025-4318

Mitre link : CVE-2025-4318

JSON object : View

Products Affected

No product.

CWE

No CWE.

JSON object

Attach tags to CVE-2025-4318

Attach tags to `CVE-2025-4318`