CVE-2025-11462

HIGH

AWS VPN Client for macOS <5.2.0 - Privilege Escalation

Title source: llm

Description

Improper Link Resolution Before File Access in the AWS VPN Client for macOS versions 1.3.2- 5.2.0 allows a local user to execute code with elevated privileges. Insufficient validation checks on the log destination directory during log rotation could allow a non-administrator user to create a symlink from a client log file to a privileged location. On log rotation, this could lead to code execution with root privileges if the user made crafted API calls which injected arbitrary code into the log file. We recommend users upgrade to AWS VPN Client for macOS 5.2.1 or the latest version.

References (2)

[Various Sources] https://aws.amazon.com/security/security-bulletins/AWS-2025-020/

[Various Sources] https://docs.aws.amazon.com/vpn/latest/clientvpn-user/client-vpn-connect-macos-release-notes.html

Scores

CVSS v3 7.8

EPSS 0.0003

EPSS Percentile 9.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-59

Status published

Products (1)

AWS/Client VPN 1.3.2 - 5.2.1

Published Oct 07, 2025

Tracked Since Feb 18, 2026