MD5 Hash Collision Vulnerability in SageMaker Workflow by AWS
CVE-2025-0508

5.9MEDIUM

Key Information:

Vendor: Aws
Status: Aws/sagemaker-python-sdk
Vendor: CVE Published:; 20 March 2025

What is CVE-2025-0508?

The SageMaker Workflow component of the aws/sagemaker-python-sdk is vulnerable to hash collisions stemming from the MD5 hashing algorithm. This flaw can result in multiple configurations producing identical MD5 hashes, potentially leading to the inadvertent replacement of workflows. Such occurrences can severely compromise the integrity of data processing pipelines, resulting in erroneous outcomes that can affect business operations and data analysis accuracy. Users should be aware of this vulnerability and implement necessary measures to mitigate its impact.

Affected Version(s)

aws/sagemaker-python-sdk < 4965

References

https://huntr.com/bounties/eb056818-5b81-466f-81ee-916058...

https://github.com/aws/sagemaker-python-sdk/commit/dcdd99...

CVSS V3.0

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 20, 2025
Vulnerability Reserved
Jan 15, 2025

Aws

What is CVE-2025-0508?

Affected Version(s)

References

CVSS V3.0

Timeline