
CVE-2025-3047: CWE-61: UNIX Symbolic Link (Symlink) Following in AWS Serverless Application Model Command Line Interface

Severity: Medium
Tags: Vulnerability, CVE-2025-3047, cve, cve-2025-3047, cwe-61
Published: Mon Mar 31 2025 (03/31/2025, 15:21:11 UTC)
Source: CVE Database V5
Vendor/Project: AWS
Product: AWS Serverless Application Model Command Line Interface

Description

When running the AWS Serverless Application Model Command Line Interface (SAM CLI) build process with Docker and symlinks are included in the build files, the container environment allows a user to access privileged files on the host by leveraging the elevated permissions granted to the tool. A user could leverage the elevated permissions to access restricted files via symlinks and copy them to a more permissive location on the container. Users should upgrade to v1.133.0 or newer and ensure any forked or derivative code is patched to incorporate the new fixes.

AI-Powered Analysis

Last updated: 10/14/2025, 18:51:24 UTC

Technical Analysis

CVE-2025-3047 is a path traversal vulnerability (CWE-22) found in the AWS Serverless Application Model Command Line Interface (SAM CLI) specifically affecting version 1.98.0. The vulnerability manifests during the build process when Docker containers are used and the build files include symbolic links. The SAM CLI runs the build inside a container with elevated permissions, but it fails to properly limit pathname traversal through these symlinks. This flaw allows an attacker who can initiate a build process to leverage the container’s elevated permissions to access and copy privileged files from the host system into the container environment. The issue is exacerbated by the fact that the container environment is granted more permissive access than intended, effectively breaking the isolation boundary. The vulnerability does not require prior authentication or privileges but does require user interaction to trigger the build. The CVSS 4.0 score is 6.9 (medium severity), reflecting network attack vector, low attack complexity, no privileges required, but user interaction needed, and high impact on confidentiality. AWS has addressed this vulnerability in SAM CLI version 1.133.0 and later, and users are advised to upgrade and patch any forked or derivative codebases accordingly. No known exploits are currently reported in the wild.

Potential Impact

For European organizations, this vulnerability poses a risk of unauthorized access to sensitive files on host systems running vulnerable SAM CLI versions, especially in development and CI/CD environments that use Docker-based builds. Confidentiality is primarily impacted, as attackers could extract privileged files, potentially including credentials, configuration files, or proprietary source code. This could lead to data breaches, intellectual property theft, or further lateral movement within the network. Integrity and availability impacts are minimal but cannot be fully ruled out if attackers manipulate build artifacts or disrupt build processes. Organizations relying heavily on AWS SAM CLI for serverless application development or deployment automation are at risk, particularly those with complex build pipelines involving Docker containers and symlinked files. The vulnerability could also undermine trust in container isolation, increasing the attack surface in cloud-native development environments.

Mitigation Recommendations

European organizations should immediately upgrade all instances of AWS SAM CLI to version 1.133.0 or newer to incorporate the official fix. Review and patch any forked or derivative versions of the SAM CLI to ensure the vulnerability is addressed. Audit build pipelines to identify and remove unnecessary symlinks in build files or restrict their usage. Implement strict container runtime security policies to limit container permissions and prevent containers from accessing host filesystems beyond what is necessary. Employ runtime monitoring and anomaly detection to identify unusual file access patterns during builds. Restrict who can trigger build processes and enforce least privilege principles for users interacting with SAM CLI. Regularly scan development environments for outdated or vulnerable tools and integrate vulnerability management into the DevSecOps lifecycle. Finally, consider isolating build environments on dedicated hosts or virtual machines to reduce potential impact.
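One way to carry out the symlink audit recommended above before a Docker-based build starts, as an added example (not AWS's fix and not SAM CLI code). The function names and the sample tree are hypothetical and constructed for illustration; the check complements the upgrade to v1.133.0 and does not replace it.

```python
import os
import sys
import tempfile
from pathlib import Path


def audit_symlinks(root):
    """Classify every symlink under root as inside, escapes or dangling."""
    root = Path(os.path.realpath(root))
    findings = []
    # followlinks=False: list symlinked directories but never descend into them.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = Path(dirpath) / name
            if not path.is_symlink():
                continue
            resolved = Path(os.path.realpath(path))  # follows the whole chain
            if resolved != root and root not in resolved.parents:
                verdict = "escapes"    # final target is outside the build context
            elif not resolved.exists():
                verdict = "dangling"   # nothing there now; could appear later
            else:
                verdict = "inside"
            findings.append((path.relative_to(root).as_posix(), os.readlink(path), verdict))
    return sorted(findings)


def make_sample_project(base):
    """Constructed sample tree: one safe link, two escaping links, one dangling."""
    project, outside = Path(base) / "project", Path(base) / "outside"
    (project / "src").mkdir(parents=True)
    outside.mkdir()
    (project / "src" / "app.py").write_text("print('hello')\n")
    (outside / "host_secret.txt").write_text("constructed placeholder\n")
    os.symlink("app.py", project / "src" / "alias.py")
    os.symlink("../outside/host_secret.txt", project / "config.txt")
    os.symlink(outside, project / "vendor")          # absolute directory link
    os.symlink("missing.txt", project / "later.txt")
    return project


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        target = sys.argv[1] if len(sys.argv) > 1 else make_sample_project(tmp)
        results = audit_symlinks(target)
        for link, raw, verdict in results:
            print(f"{verdict:9} {link} -> {raw}")
        # Non-zero exit lets a CI job fail before the containerised build starts.
        sys.exit(1 if any(v != "inside" for _, _, v in results) else 0)
```

Pass a project directory as the first argument to audit a real build context; a tree with no escaping or dangling links exits 0.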


Technical Details

Data Version: 5.1
Assigner Short Name: AMZN
Date Reserved: 2025-03-31T13:32:50.477Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68ee9812d8f994a66ec3232a

Added to database: 10/14/2025, 6:36:02 PM

Last enriched: 10/14/2025, 6:51:24 PM

Last updated: 10/16/2025, 2:41:36 AM
