VDB

GCVE-110-CLOUD-2025-0052

GCVE-110-CLOUD-2025-0052
Advisory Published
Vulnetix · Advisory published January 16, 2025
A vulnerability in AWS CloudWatch dashboard sharing allowed viewers to access EC2 instance tags and potentially invoke Lambda functions in the source account. The issue stemmed from a logic bug in the AWS Console combined with a "fail open" condition in Amazon Cognito. AWS has since patched the vulnerability.

Affected Products

VendorProductVersionsPlatforms
AWSCloudWatch
AWSEC2
AWSCognito
AWSSES
AWSLambda

Browse GCVE Records

72,921 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›