VDB
GCVE-110-CLOUD-2025-0048
GCVE-110-CLOUD-2025-0048
Advisory Published
AWS solution 'Dynamic Image Transformation for Amazon CloudFront', prior to version 6.2.6, contains a configuration weakness. The Lambda role doesn't constrain bucket access, and the environment variable can be set to a wildcard, allowing access to any bucket. This could potentially lead to unintended access to sensitive images across multiple buckets in the AWS account.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| AWS | CloudFront | — | — |
| AWS | Config | — | — |
| AWS | Lambda | — | — |
References
Browse GCVE Records
71,925 records in the GCVE database · Updated July 13, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.