
We found results for “”
CVE-2025-0508
Good to know:


Date: March 20, 2025
A vulnerability in the SageMaker Workflow component of aws/sagemaker-python-sdk allows for the possibility of MD5 hash collisions in all versions. This can lead to workflows being inadvertently replaced due to the reuse of results from different configurations that produce the same MD5 hash. This issue can cause integrity problems within the pipeline, potentially leading to erroneous processing outcomes.
Severity Score
Related Resources (5)
Severity Score
Weakness Type (CWE)
Expected Behavior Violation
CWE-440Top Fix

Upgrade Version
Upgrade to version sagemaker - 2.237.3;sagemaker - 2.237.3;sagemaker - 2.237.3;https://github.com/aws/sagemaker-python-sdk.git - v2.237.3
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | HIGH |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | HIGH |
Availability (A): | NONE |