{"vulnerability": "CVE-2025-3048", "sightings": [{"uuid": "4a02651a-8c93-4695-8959-6b92d32be673", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3048", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114258034481176074", "content": "", "creation_timestamp": "2025-03-31T16:40:47.805646Z"}, {"uuid": "1d68bf6a-6a8d-497d-8ce2-33660143a88a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3048", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114258034481176074", "content": "", "creation_timestamp": "2025-03-31T16:40:47.804753Z"}, {"uuid": "bfd25b9b-5ff8-4881-a014-852f03999119", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3048", "type": "seen", "source": "https://bsky.app/profile/alexpulver.bsky.social/post/3llp2szkblt2o", "content": "", "creation_timestamp": "2025-03-31T19:12:03.972328Z"}, {"uuid": "c5ac19fd-bf64-4e63-aab8-dd4800c56f1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-30485", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10166", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30485\n\ud83d\udd25 CVSS Score: 6.2 (cvssV3_0, Vector: CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: UNIX symbolic link (Symlink) following issue exists in FutureNet NXR series, VXR series and WXR series routers. Attaching to the affected product an external storage containing malicious symbolic link files, a logged-in administrative user may obtain and/or destroy internal files.\n\ud83d\udccf Published: 2025-04-03T06:18:36.311Z\n\ud83d\udccf Modified: 2025-04-03T06:18:36.311Z\n\ud83d\udd17 References:\n1. https://www.centurysys.co.jp/backnumber/common/jvnvu92821536.html\n2. https://jvn.jp/en/vu/JVNVU92821536/", "creation_timestamp": "2025-04-03T06:34:11.000000Z"}, {"uuid": "ddc05758-f424-4f73-8f02-e9ad7c6829f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3048", "type": "seen", "source": "https://t.me/cvedetector/21614", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-3048 - AWS SAM CLI Symlink Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-3048 \nPublished : March 31, 2025, 4:15 p.m. | 48\u00a0minutes ago \nDescription : After completing a build with AWS Serverless Application Model Command Line Interface (SAM CLI) which include symlinks, the content of those symlinks are copied to the cache of the local workspace as regular files or directories. As a result, a user who does not have access to those symlinks outside of the Docker container would now have access via the local workspace.  \n  \nUsers should upgrade to version 1.134.0 and ensure any forked or derivative code is patched to incorporate the new fixes. After upgrading, users must re-build their applications using the sam build --use-container to update the symlinks. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"31 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-31T19:12:18.000000Z"}, {"uuid": "c55b9e50-ba66-4ae3-b4ed-fce331317abe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3048", "type": "seen", "source": "https://bsky.app/profile/eyalestrin.bsky.social/post/3llw55bulzv25", "content": "", "creation_timestamp": "2025-04-03T14:42:13.563916Z"}, {"uuid": "1e7afb4d-aed6-4274-b5d8-64b963589466", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3048", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9675", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3048\n\ud83d\udd25 CVSS Score: 6.9 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: After completing a build with AWS Serverless Application Model Command Line Interface (SAM CLI) which include symlinks, the content of those symlinks are copied to the cache of the local workspace as regular files or directories. As a result, a user who does not have access to those symlinks outside of the Docker container would now have access via the local workspace.\n\nUsers should upgrade to version 1.134.0 and ensure any forked or derivative code is patched to incorporate the new fixes. After upgrading, users must re-build their applications using the sam build --use-container to update the symlinks.\n\ud83d\udccf Published: 2025-03-31T15:21:16.205Z\n\ud83d\udccf Modified: 2025-03-31T15:21:16.205Z\n\ud83d\udd17 References:\n1. https://aws.amazon.com/security/security-bulletins/AWS-2025-008/", "creation_timestamp": "2025-03-31T15:31:11.000000Z"}, {"uuid": "aea82c2b-307e-4ec7-a27a-c7e2896b8f7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-3048", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/30277", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2025\n\u63cf\u8ff0\uff1aIssue with AWS SAM CLI (CVE-2025-3047, CVE-2025-3048)\nURL\uff1ahttps://github.com/murataydemir/AWS-SAM-CLI-Vulnerabilities\n\n\u6807\u7b7e\uff1a#CVE-2025", "creation_timestamp": "2025-04-07T06:09:56.000000Z"}]}