CVE-2025-11462
CVE-2025-11462
9.3
CriticalPublished:
Last updated:
Source:ff89ba41-3aa1-4d27-914a-91399e9639e5
Deferred
Weakness (CWE)
CVSS Vector
v4.0- Attack Vector
- Local
- Attack Complexity
- Low
- Attack Requirements
- None
- Privileges Required
- Low
- User Interaction
- None
- Confidentiality (Vulnerable)
- High
- Integrity (Vulnerable)
- High
- Availability (Vulnerable)
- High
- Confidentiality (Subsequent)
- High
- Integrity (Subsequent)
- High
- Availability (Subsequent)
- High
Description
Improper Link Resolution Before File Access in the AWS VPN Client for macOS versions 1.3.2- 5.2.0 allows a local user to execute code with elevated privileges. Insufficient validation checks on the log destination directory during log rotation could allow a non-administrator user to create a symlink from a client log file to a privileged location. On log rotation, this could lead to code execution with root privileges if the user made crafted API calls which injected arbitrary code into the log file. We recommend users upgrade to AWS VPN Client for macOS 5.2.1 or the latest version.
References
ff89ba41-3aa1-4d27-914a-91399e9639e5
https://aws.amazon.com/security/security-bulletins/AWS-2025-020/ff89ba41-3aa1-4d27-914a-91399e9639e5
https://docs.aws.amazon.com/vpn/latest/clientvpn-user/client-vpn-connect-macos-release-notes.html