CVE-2025-11462

Improper Link Resolution Before File Access in the AWS VPN Client for macOS versions 1.3.2- 5.2.0 allows a local user to execute code with elevated privileges. Insufficient validation checks on the log destination directory during log rotation could allow a non-administrator user to create a...

CVE-2025-11462

Improper Link Resolution Before File Access in the AWS VPN Client for macOS versions 1.3.2- 5.2.0 allows a local user to execute code with elevated privileges. Insufficient validation checks on the log destination directory during log rotation could allow a non-administrator user to create a...

PT-2025-41169

Name of the Vulnerable Software and Affected Versions AWS VPN Client for macOS versions 1.3.2 through 5.2.0 Description A flaw exists in the AWS VPN Client for macOS that allows a local user to execute code with elevated privileges. Insufficient validation of the log destination directory during...

EUVD-2022-29909

Malicious code in bioql PyPI...

EUVD-2022-29908

Malicious code in bioql PyPI...

CVE-2022-25165

An issue was discovered in Amazon AWS VPN Client 2.0.0. A TOCTOU race condition exists during the validation of VPN configuration files. This allows parameters outside of the AWS VPN Client allow list to be injected into the configuration file prior to the AWS VPN Client service running as SYSTEM...

CVE-2022-25166

An issue was discovered in Amazon AWS VPN Client 2.0.0. It is possible to include a UNC path in the OpenVPN configuration file when referencing file paths for parameters such as auth-user-pass. When this file is imported and the client attempts to validate the file path, it performs an open...

CVE-2022-25165: Privilege Escalation to SYSTEM in AWS VPN Client

The post CVE-2022-25165: Privilege Escalation to SYSTEM in AWS VPN Client appeared first on Rhino Security Labs...