CVE-2025-0508 — MEDIUM (CVSS 5.9) AI Security Vulnerability

A vulnerability in the SageMaker Workflow component of aws/sagemaker-python-sdk allows for the possibility of MD5 hash collisions in all versions. This can lead to workflows being inadvertently...

Full analysis pending. Showing NVD description excerpt.

Affected Systems

Package	Ecosystem	Vulnerable Range	Patched
sagemaker	pip	< 2.237.3	`2.237.3`

Do you use sagemaker? You're affected.

Severity & Risk

CVSS 3.1

5.9 / 10

EPSS

0.1%

chance of exploitation in 30 days

KEV Status

Not in KEV

Sophistication

N/A

Recommended Action

Patch available

Update sagemaker to version 2.237.3

Compliance Impact

Compliance analysis pending. Sign in for full compliance mapping when available.

Technical Details

NVD Description

A vulnerability in the SageMaker Workflow component of aws/sagemaker-python-sdk allows for the possibility of MD5 hash collisions in all versions. This can lead to workflows being inadvertently replaced due to the reuse of results from different configurations that produce the same MD5 hash. This issue can cause integrity problems within the pipeline, potentially leading to erroneous processing outcomes.

Weaknesses (CWE)

CWE-328 Use of Weak Hash Primary CWE-440 Expected Behavior Violation Primary

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

References

Timeline

Published

March 20, 2025

Last Modified

October 15, 2025

First Seen

March 24, 2026