MD5 Hash Collision Vulnerability in SageMaker Workflow by AWS
CVE-2025-0508

5.9MEDIUM

Key Information:

Vendor: Aws
Status: Aws/sagemaker-python-sdk
Vendor: CVE Published:; 20 March 2025

What is CVE-2025-0508?

The SageMaker Workflow component of the aws/sagemaker-python-sdk is vulnerable to hash collisions stemming from the MD5 hashing algorithm. This flaw can result in multiple configurations producing identical MD5 hashes, potentially leading to the inadvertent replacement of workflows. Such occurrences can severely compromise the integrity of data processing pipelines, resulting in erroneous outcomes that can affect business operations and data analysis accuracy. Users should be aware of this vulnerability and implement necessary measures to mitigate its impact.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

aws/sagemaker-python-sdk < 4965

References

https://huntr.com/bounties/eb056818-5b81-466f-81ee-916058...

https://github.com/aws/sagemaker-python-sdk/commit/dcdd99...

CVSS V3.0

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 20, 2025
Vulnerability Reserved
Jan 15, 2025

JSON

Aws

What is CVE-2025-0508?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.0

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.