cvedb.io
CVE-2025-4318
UNKNOWN · CVSS n/a
EPSS exploitation probability: 0%
Published 2025-05-05T19:15:57.847 · Last modified 2026-06-17T09:33:01.020

Summary

The AWS Amplify Studio UI component property expressions in the aws-amplify/amplify-codegen-ui package lack input validation. This could potentially allow an authenticated user who has access to create or modify components to run arbitrary JavaScript code during the component rendering and build process.

Does this affect you?

Add your gear to cvedb and we'll alert you only when a vendor you run ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.