
CVE-2025-11462

Published 07/10/2025 20:15 · Modified 08/10/2025 19:38

Labels: CVE-2025-11462, 2025-10-07, CWE-59, ff89ba41-3aa1-4d27-914a-91399e9639e5

Essential information

Published
07/10/2025 20:15
Modified
08/10/2025 19:38
Author
Creator
CVSS
9.3 CRITICAL (v3) 9.3 CRITICAL (v4.0)
CISA KEV
No
CWE
CVSS vector


Description

Improper Link Resolution Before File Access in the AWS VPN Client for macOS versions 1.3.2-5.2.0 allows a local user to execute code with elevated privileges. Insufficient validation checks on the log destination directory during log rotation could allow a non-administrator user to create a symlink from a client log file to a privileged location. On log rotation, this could lead to code execution with root privileges if the user made crafted API calls which injected arbitrary code into the log file. We recommend users upgrade to AWS VPN Client for macOS 5.2.1 or the latest version.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
ff89ba41-3aa1-4d27-914a-91399e9639e5

Affected products (CPE)

Product | CPE
amazon / web services aws vpn client | cpe:2.3:a:amazon:web_services_aws_vpn_client:1.3.2-5.2.0:*:*:*:*:*:*:*
amazon / web services aws vpn client | cpe:2.3:a:amazon:web_services_aws_vpn_client:5.2.1:*:*:*:*:*:*:*
