CVE Vulnerability Database

CVE-2025-3047: AWS SAM CLI Privilege Escalation Flaw

CVE-2025-3047 is a privilege escalation vulnerability in AWS Serverless Application Model CLI that allows unauthorized access to privileged host files through symlinks. This article covers technical details, impact, and mitigation.

Updated: January 22, 2026

CVE-2025-3047 Overview

CVE-2025-3047 is a symlink attack vulnerability affecting the AWS Serverless Application Model Command Line Interface (SAM CLI). When the SAM CLI build process runs with Docker and the build files contain symlinks, the container environment allows a user to access privileged files on the host by leveraging the elevated permissions granted to the tool. An attacker could exploit the elevated permissions to access restricted files via symlinks and copy them to a more permissive location in the container.

Critical Impact

Attackers can leverage symlinks during the Docker-based build process to read privileged host files, potentially exposing sensitive credentials, configuration data, or other protected information from the development or build environment.

Affected Products

  • AWS SAM CLI versions prior to v1.133.0
  • Docker-based SAM CLI build environments with symlinks in build files
  • Forked or derivative SAM CLI implementations lacking the security patch

Discovery Timeline

  • March 31, 2025 - CVE-2025-3047 published to NVD
  • October 14, 2025 - Last updated in NVD database

Technical Details for CVE-2025-3047

Vulnerability Analysis

This vulnerability falls under CWE-61 (UNIX Symbolic Link Following), a class of file system vulnerabilities where applications follow symbolic links without proper validation. In the context of AWS SAM CLI, the build process running within Docker containers does not adequately restrict symlink resolution, allowing symbolic links within build artifacts to point to and access files outside the intended build context on the host system.

The elevated permissions granted to the SAM CLI tool during Docker-based builds create an environment where symlinks can be exploited to traverse the file system boundary between the container and host. This allows unauthorized access to privileged files that should remain protected from container workloads.

Root Cause

The root cause of this vulnerability lies in insufficient symlink validation during the SAM CLI build process when operating with Docker. The tool fails to properly sanitize or restrict symlink targets within build files, allowing symbolic links to reference arbitrary host paths. Combined with the elevated permissions required for Docker operations, this creates a path traversal condition where container processes can read files outside their intended scope.

Attack Vector

The attack requires network access and user interaction (specifically, a user must run the vulnerable SAM CLI build command). An attacker could craft malicious build files containing symbolic links that point to sensitive host files such as /etc/passwd, SSH keys, AWS credentials, or other privileged configuration files. When the SAM CLI build process executes within Docker, these symlinks are followed with elevated permissions, allowing the attacker to read the targeted files and copy them to an accessible location within the container's file system.

The exploitation scenario typically involves:

  1. Creating a serverless application project with malicious symlinks embedded in the build artifacts
  2. Pointing those symlinks at sensitive host files outside the build context
  3. Running sam build with Docker, during which the container follows the symlinks
  4. Reading privileged host files through the elevated permissions of the build
  5. Copying the exposed content to a permissive container location for exfiltration

Detection Methods for CVE-2025-3047

Indicators of Compromise

  • Unexpected symlinks in SAM CLI project directories or build artifacts pointing outside the project root
  • Build processes accessing files in /etc/, /root/, or other sensitive host directories
  • Unusual file copy operations from privileged locations to container-accessible paths
  • SAM CLI build logs showing resolution of unexpected file paths

Detection Strategies

  • Monitor SAM CLI build processes for symlink creation or resolution to paths outside the project directory
  • Implement file integrity monitoring on sensitive host files accessed during container operations
  • Review SAM CLI project files for suspicious symbolic links before executing builds
  • Enable Docker audit logging to track container-to-host file access patterns

Monitoring Recommendations

  • Deploy endpoint detection and response (EDR) solutions to monitor file system operations during SAM CLI builds
  • Configure alerting for Docker container processes that access sensitive host paths such as credentials or configuration files
  • Implement SentinelOne Singularity to detect anomalous file access patterns indicative of symlink exploitation
  • Review AWS CloudTrail logs for unusual SAM deployment activities that may follow exploitation attempts

How to Mitigate CVE-2025-3047

Immediate Actions Required

  • Upgrade AWS SAM CLI to version v1.133.0 or newer immediately
  • Review existing SAM CLI projects for suspicious symlinks in build directories
  • Audit any forked or derivative SAM CLI implementations and apply equivalent patches
  • Temporarily avoid using Docker-based SAM CLI builds if immediate patching is not possible

Patch Information

AWS has released security patches addressing this vulnerability. Users should upgrade to SAM CLI version v1.133.0 or newer. The security advisory and release information can be found through the following resources:

  • AWS Security Bulletin AWS-2025-008
  • GitHub AWS SAM CLI Release v1.134.0
  • GitHub Security Advisory GHSA-px37-jpqx-97q9

Workarounds

  • Avoid using Docker-based builds with untrusted or externally-sourced SAM CLI projects until patched
  • Manually inspect build directories for symlinks before executing sam build commands
  • Use non-Docker build modes where possible as a temporary mitigation
  • Implement strict file system permissions to limit the impact of potential symlink traversal
```bash
# Check SAM CLI version and upgrade if needed
sam --version
pip install --upgrade aws-sam-cli

# Verify the installed version is at least the patched 1.133.0
# (matches minor versions 133-139, 140-199 and 200-999 of the 1.x line)
sam --version | grep -E "SAM CLI, version 1\.(13[3-9]|1[4-9][0-9]|[2-9][0-9]{2})\."
```
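The pre-build symlink review recommended under Detection Strategies and Workarounds can be automated. The following script is an added example, not SAM CLI code: it walks a project directory without following links and reports every symlink whose resolved target lies outside the project root, including dangling links and loops, which a later build would still follow. The sample project it builds in a temporary directory is a constructed fixture.

```python
import os
import tempfile
from pathlib import Path


def find_escaping_symlinks(project_root):
    """Return (link, raw_target, resolved_or_reason) for every symlink under
    project_root that does not resolve to a path inside project_root.
    Dangling links and loops are reported too, since the build still sees them."""
    root = Path(project_root).resolve()
    findings = []
    # followlinks=False: never descend into a linked directory, so a link
    # pointing at / cannot make the scan walk the whole host
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            link = Path(dirpath) / name
            if not link.is_symlink():
                continue
            raw_target = os.readlink(link)
            rel = str(link.relative_to(root))
            try:
                target = link.resolve(strict=True)
            except (OSError, RuntimeError):  # dangling target or symlink loop
                findings.append((rel, raw_target, "unresolvable"))
                continue
            if target != root and root not in target.parents:
                findings.append((rel, raw_target, str(target)))
    return sorted(findings)


def build_sample_project(base):
    """Construct a small SAM-style project with one benign and three
    suspicious links (constructed test fixture, not real project data)."""
    base = Path(base)
    project = base / "my-sam-app"
    (project / "src").mkdir(parents=True)
    (project / "src" / "app.py").write_text("def handler(event, ctx):\n    return 'ok'\n")
    outside = base / "home"
    outside.mkdir()
    (outside / "credentials").write_text("[default]\naws_access_key_id = EXAMPLE\n")
    (project / "src" / "app_link.py").symlink_to(project / "src" / "app.py")  # inside: fine
    (project / "src" / "creds").symlink_to(outside / "credentials")           # absolute escape
    (project / "template.yaml").symlink_to("../home/credentials")            # relative escape
    (project / "src" / "gone").symlink_to("/nonexistent/secret")             # dangling
    return project


def scan_sample_project():
    """Build the fixture in a temp dir, scan it, and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        return find_escaping_symlinks(build_sample_project(tmp))


if __name__ == "__main__":
    for link, raw, resolved in scan_sample_project():
        print(f"{link} -> {raw} (resolves to {resolved})")
```

Run it against a real project with find_escaping_symlinks("path/to/project") and refuse to run sam build while the list is non-empty.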

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Vulnerability Details

  • Type: Privilege Escalation
  • Vendor/Tech: AWS SAM CLI
  • Severity: MEDIUM
  • CVSS Score: 6.9
  • EPSS Probability: 0.03%
  • Known Exploited: No
  • CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Assessment

  • Confidentiality: Low
  • Integrity: None
  • Availability: None

CWE References

  • CWE-61

Technical References

  • AWS Security Bulletin AWS-2025-008
  • GitHub AWS SAM CLI Release
  • GitHub Security Advisory GHSA-px37-jpqx-97q9