AWS SAM CLI, Symlink Privilege Escalation, CVE-2025-3047 (Critical)

How CVE-2025-3047 Works

The AWS SAM CLI (<= v1.132.0) allows local privilege escalation when using Docker container builds (--use-container). Attackers can exploit symlinks in build directories to access restricted host files. The CLI grants elevated permissions to Docker, enabling symlinks to traverse outside the build directory. Malicious symlinks can redirect file operations to sensitive host paths (e.g., /etc/passwd), copying them into the container. This occurs because the tool fails to properly sanitize symlink paths during the build process, allowing host file system access under container privileges.

DailyCVE Form:

Platform: AWS SAM CLI
Version: <= v1.132.0
Vulnerability: Symlink escape
Severity: Critical
Date: 2025-04-01

What Undercode Say:

Exploitation:

1. Create malicious symlink:

ln -s /etc/passwd ./malicious_link

2. Trigger build with vulnerable SAM CLI:

sam build --use-container

3. Exfiltrate host files: The container copies `/etc/passwd` into the build context.

Protection:

1. Upgrade SAM CLI:

pip install --upgrade aws-sam-cli

2. Disable symlink resolution:

sam build --use-container --no-mount-symlinks

3. Audit build directories:

find . -type l -exec ls -la {} \;

Detection:

Check SAM CLI version:
# prints "Vulnerable" unless the reported version is 1.133.0 or later (the fixed release)
sam --version | grep -qE "version ([2-9]\.|1\.(13[3-9]|1[4-9][0-9]|[2-9][0-9]{2})\.)" || echo "Vulnerable"

Code Fix (Patch Analysis):

AWS’s patch in v1.133.0 adds symlink validation:

import os

def sanitize_path(path):
    # reject any symlink in the build directory before it is mounted into the container
    if os.path.islink(path):
        raise ValueError("Symlinks not allowed")
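The audit step in the Protection section only lists symlinks; the check below goes one step further and reports which links actually resolve outside the build directory, the condition that lets a mounted build context expose host files. This is an added example written here, not SAM CLI's code or AWS's patch; the directory layout in demo() is constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


def find_escaping_symlinks(build_dir):
    """Return build-relative paths of symlinks whose target resolves outside build_dir.

    A link that points at another file inside the build directory is harmless to
    mount into a container; one that resolves to a host path such as /etc/passwd
    would expose that file once the directory is mounted. os.walk is left with
    followlinks=False so a symlinked directory is inspected as a link, not entered.
    """
    root = Path(build_dir).resolve()
    escaping = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            entry = Path(dirpath) / name
            if not entry.is_symlink():
                continue
            # resolve() follows the whole chain (link -> link -> file);
            # strict=False keeps dangling links from raising
            target = entry.resolve(strict=False)
            try:
                target.relative_to(root)          # inside the build root: fine
            except ValueError:
                escaping.append(str(entry.relative_to(root)))
    return sorted(escaping)


def demo():
    """Constructed build directory: one safe link and two links that escape the root."""
    with tempfile.TemporaryDirectory() as tmp:
        build = Path(tmp) / "build_dir"
        (build / "src").mkdir(parents=True)
        (build / "src" / "app.py").write_text("# handler\n")
        # safe: stays inside the build directory
        (build / "app_link.py").symlink_to(build / "src" / "app.py")
        # escaping: the pattern from the advisory (a host file pulled into the context)
        (build / "malicious_link").symlink_to("/etc/passwd")
        # escaping via a relative path that climbs above the build root
        (build / "src" / "up").symlink_to("../../outside")
        return find_escaping_symlinks(build)


if __name__ == "__main__":
    print(demo())
```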

Mitigation Commands:

  • Restrict Docker privileges:
    docker run --security-opt no-new-privileges ...

  • Isolate build directories:
    chmod 700 ./build_dir

References:

Reported By: https://github.com/advisories/GHSA-px37-jpqx-97q9