CVE-2025-3047

MEDIUM

SAM CLI <v1.133.0 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-3047. PoCs published by murataydemir.

AI-analyzed exploit summary This README provides a detailed analysis of CVE-2025-3047, a symlink path traversal vulnerability in AWS SAM CLI <= v1.132.0, which allowed unauthorized file access on the host machine during `sam build --use-container`. The writeup includes root cause analysis, affected code snippets, patch details, and remediation guidance.

Description

When running the AWS Serverless Application Model Command Line Interface (SAM CLI) build process with Docker and symlinks are included in the build files, the container environment allows a user to access privileged files on the host by leveraging the elevated permissions granted to the tool. A user could leverage the elevated permissions to access restricted files via symlinks and copy them to a more permissive location on the container. Users should upgrade to v1.133.0 or newer and ensure any forked or derivative code is patched to incorporate the new fixes.

Exploits (1)

nomisec WRITEUP

by murataydemir · poc

https://github.com/murataydemir/AWS-SAM-CLI-Vulnerabilities

View Code ZIP pw:eip

This README provides a detailed analysis of CVE-2025-3047, a symlink path traversal vulnerability in AWS SAM CLI <= v1.132.0, which allowed unauthorized file access on the host machine during `sam build --use-container`. The writeup includes root cause analysis, affected code snippets, patch details, and remediation guidance.

Classification

Writeup 100%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: AWS SAM CLI <= v1.132.0

No auth needed

Prerequisites: Ability to plant a malicious symlink in the project directory · Docker container running with elevated privileges

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Various Sources vendor-advisory

https://aws.amazon.com/security/security-bulletins/AWS-2025-008/

Vendor Advisory third-party-advisory

https://github.com/aws/aws-sam-cli/security/advisories/GHSA-px37-jpqx-97q9

Release Notes patch

https://github.com/aws/aws-sam-cli/releases/tag/v1.134.0

Scores

CVSS v3 6.5

EPSS 0.0012

EPSS Percentile 30.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-61

Status published

Products (2)

AWS/AWS Serverless Application Model Command Line Interface 1.98.0 - 1.133.0

pypi/aws-sam-cli 0 - 1.133.0PyPI

Published Mar 31, 2025

Tracked Since Feb 18, 2026