VDB

GCVE-110-CLOUD-2025-0048

GCVE-110-CLOUD-2025-0048
Advisory Published
Vulnetix · Advisory published February 19, 2025
AWS solution 'Dynamic Image Transformation for Amazon CloudFront', prior to version 6.2.6, contains a configuration weakness. The Lambda role doesn't constrain bucket access, and the environment variable can be set to a wildcard, allowing access to any bucket. This could potentially lead to unintended access to sensitive images across multiple buckets in the AWS account.

Affected Products

VendorProductVersionsPlatforms
AWSCloudFront
AWSConfig
AWSLambda

Browse GCVE Records

71,925 records in the GCVE database · Updated July 13, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›