CVE-2025-0508
Published: 20 March 2025
Summary
CVE-2025-0508 is a medium-severity Use of Weak Hash (CWE-328) vulnerability. Its CVSS base score is 5.9 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Stored Data Manipulation (T1565.001). It ranks at the 33.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related: it is categorised under Machine Learning Libraries, in the Data-Related Vulnerabilities risk domain.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-6837
Vulnerability details
A vulnerability in the SageMaker Workflow component of aws/sagemaker-python-sdk allows for the possibility of MD5 hash collisions in all versions. This can lead to workflows being inadvertently replaced due to the reuse of results from different configurations that produce the same MD5 hash. This issue can cause integrity problems within the pipeline, potentially leading to erroneous processing outcomes.
- CWE(s)
AI Security Analysis
- AI Category: Machine Learning Libraries
- Risk Domain: Data-Related Vulnerabilities
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: sagemaker
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
MD5 hash collisions in SageMaker Workflow enable adversaries to craft different configurations with identical hashes, causing stored workflow results to be incorrectly reused or replaced, facilitating stored data manipulation and integrity compromise.
Affected Assets
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.