CVE-2025-0508 MEDIUM

CVE-2025-0508: MD5 Hash Collision in SageMaker Workflow in aws/sagemaker-python-sdk

Vendor AWS
Product aws/sagemaker-python-sdk
Weakness CWE-328 · Weak hash
Published March 20, 2025
Last update October 15, 2025

CVSS base score

5.9/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

What the vulnerability does

Description

The SageMaker Workflow component of aws/sagemaker-python-sdk is exposed to MD5 hash collisions in all versions. When different configurations produce the same MD5 hash, results can be reused across them, so workflows are inadvertently replaced. This causes integrity problems within the pipeline and can lead to erroneous processing outcomes.
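The failure mode described above, as an added example (not code from aws/sagemaker-python-sdk): a result cache keyed only by a digest of the step configuration, next to a variant that re-checks the stored configuration on every hit. MD5 truncated to 8 bits is a constructed stand-in for a collision-prone hash, and every class, function and config name here is hypothetical.

```python
import hashlib
import json

def canonical(config):
    # Stable serialisation so equal configs always produce equal bytes.
    return json.dumps(config, sort_keys=True, separators=(",", ":")).encode()

def weak_digest(data):
    # Constructed stand-in for a collision-prone hash: MD5 cut to 8 bits.
    return hashlib.md5(data, usedforsecurity=False).hexdigest()[:2]

def strong_digest(data):
    return hashlib.sha256(data).hexdigest()

class DigestOnlyCache:
    """Trusts the digest alone: a collision returns another config's result."""
    def __init__(self, digest):
        self.digest, self.store = digest, {}
    def run(self, config, step):
        key = self.digest(canonical(config))
        if key not in self.store:
            self.store[key] = step(config)
        return self.store[key]

class VerifiedCache(DigestOnlyCache):
    """Keeps the canonical config beside the result and compares it on a hit."""
    def run(self, config, step):
        blob = canonical(config)
        key = self.digest(blob)
        hit = self.store.get(key)
        if hit is not None and hit[0] == blob:
            return hit[1]
        result = step(config)
        self.store[key] = (blob, result)  # a collision evicts, never aliases
        return result

def find_colliding_configs(digest):
    """Walk constructed sample configs until two share a digest, else None."""
    seen = {}
    for epochs in range(1, 10_000):
        cfg = {"step": "train", "epochs": epochs}
        key = digest(canonical(cfg))
        if key in seen:
            return seen[key], cfg
        seen[key] = cfg
    return None

def train_step(config):
    return f"model trained for {config['epochs']} epochs"
```

With the weak digest, `DigestOnlyCache` hands the second configuration the first one's result, while `VerifiedCache` recomputes it; using `strong_digest` as the key removes the practical collision risk in the first place.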

Key dates

Disclosure timeline

March 20, 2025 CVE published
October 15, 2025 Record updated