216.73.217.64

CVE-2025-8069

· Published 23/07/2025 16:15 · Modified 23/07/2025 16:15

Labels: CVE-2025-8069 2025-07-23CVE-2025-8069CWE-276ff89ba41-3aa1-4d27-914a-91399e9639e5

Essential information

Published
23/07/2025 16:15
Modified
23/07/2025 16:15
Author
Creator
CVSS
7.3 HIGH (v3) 7.3 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

During the AWS Client VPN client installation on Windows devices, the install process references the C:\usr\local\windows-x86_64-openssl-localbuild\ssl directory location to fetch the OpenSSL configuration file. As a result, a non-admin user could place arbitrary code in the configuration file. If an admin user starts the AWS Client VPN client installation process, that code could be executed with root-level privileges. This issue does not affect Linux or Mac devices. We recommend users discontinue any new installations of AWS Client VPN on Windows prior to version 5.2.2.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
ff89ba41-3aa1-4d27-914a-91399e9639e5
NVD
View on NVD

Affected products (CPE)

ProductCPE
amazon / aws client vpn cpe:2.3:a:amazon:aws_client_vpn:<5.2.2:*:*:*:*:*:*

References