VDB

CVE-2025-4318

Status: PUBLISHED · CVSS 9.5 (CRITICAL)

The AWS Amplify Studio UI component property expressions in the aws-amplify/amplify-codegen-ui package lack input validation. This could potentially allow an authenticated user who has access to create or modify components to run arbitrary JavaScript code during the component rendering and build process.


Risk Scores

CVSS 4.0: 9.5
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
EPSS Score: 0.24% (46.8th percentile)

Affected Products

Vendor | Product | Versions
Amazon | Amplify Studio | 0.1.0

Timeline

  • May 5, 2025 CVE Published
  • May 5, 2025 PoC Published
  • May 5, 2025 PoC Published
  • May 5, 2025 PoC Published
  • May 6, 2025 EPSS Score
  • May 6, 2025 PoC Published
  • May 7, 2025 PoC Published
  • May 7, 2025 PoC Published
  • May 18, 2025 EPSS Score
  • May 29, 2025 EPSS Score
  • Jun 6, 2025 PoC Published
  • Jun 7, 2025 PoC Published