CNNVD-202510-895 Information

CNNVD ID

CNNVD-202510-895

Related CVE

CVE-2025-11462

• CNNVD Published: 2025-10-07

Description (Chinese)

Amazon AWS VPN Client是美国亚马逊（Amazon）公司的一种完全托管的远程访问 VPN 解决方案。 Amazon AWS VPN Client 1.3.2版本至5.2.0版本存在安全漏洞，该漏洞源于日志轮转期间对日志目标目录验证不足，可能导致权限提升和代码执行。

Description (English)

Amazon AWS VPN Clinic is a fully hosted remote access VPN solution for Amazon America. There is a security loophole in Amazon AWS VPN Channel 1.3.2 to 5.2.0, which results from inadequate validation of log destination directories during log rotation, which may lead to rights enhancement and code execution.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

亚马逊

Published

2025-10-07

Last Modified

2026-02-24

References

https://aws.amazon.com/security/security-bulletins/AWS-2025-020/ https://aws.amazon.com/vpn/client-vpn-download/ https://access.redhat.com/security/cve/cve-2025-11462

Patch

https://aws.amazon.com/cn/vpn/client-vpn-download/