Vulnerability Description
Improper Link Resolution Before File Access in the AWS VPN Client for macOS versions 1.3.2- 5.2.0 allows a local user to execute code with elevated privileges. Insufficient validation checks on the log destination directory during log rotation could allow a non-administrator user to create a symlink from a client log file to a privileged location. On log rotation, this could lead to code execution with root privileges if the user made crafted API calls which injected arbitrary code into the log file. We recommend users upgrade to AWS VPN Client for macOS 5.2.1 or the latest version.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://aws.amazon.com/security/security-bulletins/AWS-2025-020/
- https://docs.aws.amazon.com/vpn/latest/clientvpn-user/client-vpn-connect-macos-r
FAQ
What is CVE-2025-11462?
CVE-2025-11462 is a vulnerability with a CVSS score of 7.8 (HIGH). Improper Link Resolution Before File Access in the AWS VPN Client for macOS versions 1.3.2- 5.2.0 allows a local user to execute code with elevated privileges. Insufficient validation checks on the lo...
How severe is CVE-2025-11462?
CVE-2025-11462 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-11462?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.