Serious vulnerability in AWS Amplify allows attackers to execute code remotely


Overview
Recently, security researchers disclosed a critical vulnerability in AWS Amplify Studio, a visual user interface (UI) development platform from Amazon Web Services that helps developers and designers quickly create, manage, and deploy web and mobile applications. The vulnerability is tracked as CVE-2025-4318, with a CVSS score of 9.5/10, and allows attackers to achieve remote code execution (RCE) on a developer's machine or on an automated CI/CD system.
Description of the Vulnerability
Identifier: CVE-2025-4318
Severity: Critical (CVSS 4.0 = 9.5/10)
Disclosure Date: May 5, 2025
Description: A serious remote code execution (RCE) vulnerability was discovered in the `@aws-amplify/codegen-ui` package, a component of AWS Amplify Studio.
Main impacts:
- Remote Code Execution (RCE) with the privileges of the build system
- Could lead to takeover of the CI/CD pipeline
- Affects the entire software supply chain if the generated code is widely used
Why does the vulnerability exist?
- This vulnerability exists because of the way the library processes component definitions. The `@aws-amplify/codegen-ui` library lets users create UI components by supplying a JSON structure that describes properties (props) such as `label`, `placeholder`, `value`, `onChange`, and so on. To support dynamic behaviour, the library allows those props to contain JavaScript expressions in the form of strings. Amplify then uses `eval()` or `new Function()` to evaluate this dynamic input without filtering it, which is the risk an attacker can exploit. The library also has no mechanism to validate or reject dangerous values before they are evaluated.
- This allows an attacker to execute code remotely by writing a JavaScript expression string into the `value` field:
=> It will be executed immediately in the Node.js environment of the build machine or CI/CD server.
How an attacker exploits the vulnerability
- Initially, the attacker creates a Bash script targeting the `@aws-amplify/codegen-ui@2.20.2` library. When the script runs, it has several effects:
  - A JSON file containing the payload `require('child_process').execSync('touch /tmp/pwned')` is created.
  - Node.js executes the payload through `new Function(...)`, mimicking the behaviour of the old Amplify codegen.
  - A `/tmp/pwned` file is created if the exploit succeeds.
- Then the attacker creates a file named `run.js` that executes the `eval()` payload from the JSON and runs an HTTP server on port 8080 to serve the files if a browser needs to access them. `run.js` takes the string from `placeholder.value` and executes it using `eval()`. `http-server` is used to serve files over HTTP, which can be used to:
  - Simulate a victim's machine accessing files from the attacker.
  - Demo in a sandbox environment.
- Finally, after running the script files and injecting malicious JavaScript code into the JSON files that define the interface, the attacker can:
  - Execute system commands.
  - Access or steal sensitive data.
  - Modify files or install malware to maintain unauthorized access.
Summary
The vulnerability exists in the `@aws-amplify/codegen-ui` library version 2.20.2 and can affect CI/CD pipelines, Amplify Studio applications, or local Node.js environments wherever user-submitted JSON component files are handled unsafely.
This vulnerability also shows how a little carelessness in handling user data can lead to full system compromise, especially as low-code/no-code tools become increasingly popular.
Recommendations
- Update to the latest version of `@aws-amplify/codegen-ui`: `npm install @aws-amplify/codegen-ui@latest`
- Do not download or use JSON UI component files from unknown sources.
- Never use `eval()`, `Function()`, or `vm.runInNewContext()` to process values from JSON without verification.
- Regularly check the `/tmp` and `~` directories if you suspect the system has been compromised (`touch /tmp/pwned` is a sample payload).
- Use virtual machines or Docker to test tools related to dynamic code generation (codegen) from the UI.
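As an added example (not code from the article or from the Amplify project), the following JavaScript contrasts the unsafe prop handling described above, where a prop string is handed to `new Function()`, with a handler that treats props as data only, and adds a simple scan a defender can run over a component JSON file before it reaches a build. The component definition and the pattern list are constructed for the demo.

```javascript
// Added example (not code from the article or from @aws-amplify/codegen-ui):
// the unsafe pattern the article describes (a prop string evaluated with
// new Function) beside a hardened handler that treats props as data only,
// plus a check that flags code-like prop values in a component JSON file.
// SAMPLE_COMPONENT is a constructed component definition for this demo.

const SAMPLE_COMPONENT = {
  name: 'LoginForm',
  props: {
    label: 'Email',
    placeholder: 'you@example.com',
    // the marker payload quoted in the article; it is never evaluated here
    value: "require('child_process').execSync('touch /tmp/pwned')",
    onChange: 'handleChange',
  },
};

// Fragments that should never appear in a static UI prop value.
const CODE_LIKE = [
  /\brequire\s*\(/, /\bchild_process\b/, /\bprocess\s*\./,
  /\beval\s*\(/, /\bFunction\s*\(/, /\bimport\s*\(/,
];

// VULNERABLE: any string reaching this function runs as JavaScript in the
// Node.js process that generates the UI (the bug class the article covers).
function renderPropUnsafe(value) {
  return new Function(`return (${value});`)();
}

// HARDENED: props are rendered as literal text. Strings are HTML-escaped,
// numbers and booleans are stringified, everything else is rejected.
function renderPropSafe(value) {
  const t = typeof value;
  if (t === 'string') {
    const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
    return value.replace(/[&<>"']/g, (c) => map[c]);
  }
  if (t === 'number' || t === 'boolean') return String(value);
  throw new TypeError(`unsupported prop type: ${t}`);
}

// Defender check for a JSON component file: return the names of props whose
// string value looks like executable code rather than UI text.
function findSuspiciousProps(component) {
  return Object.entries(component.props || {})
    .filter(([, v]) => typeof v === 'string' && CODE_LIKE.some((re) => re.test(v)))
    .map(([name]) => name);
}
```

Running `findSuspiciousProps` over component files in a pre-build step turns the article's "do not trust unknown JSON" advice into a check that fails the pipeline before anything is evaluated.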
