PyPI: sagemaker
CVE-2025-0508
Safety vulnerability ID: SFTY-20250320-49736
Safety legacy ID: pyup.io-76180
Overview
SageMaker Workflow component allows possibility of MD5 hash collisions
Advisory
A vulnerability in the SageMaker Workflow component of aws/sagemaker-python-sdk allows for the possibility of MD5 hash collisions in all versions. This can lead to workflows being inadvertently replaced due to the reuse of results from different configurations that produce the same MD5 hash. This issue can cause integrity problems within the pipeline, potentially leading to erroneous processing outcomes.
References
- https://getsafety.com/vulnerabilities/SFTY-20250320-49736/CVE-2025-0508
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0508
- https://github.com/advisories/GHSA-32g6-mg92-ghm2
- https://nvd.nist.gov/vuln/detail/CVE-2025-0508
- https://github.com/aws/sagemaker-python-sdk/commit/dcdd99f911e8b1a05d19cf1ad939b0fefae47864
- https://huntr.com/bounties/eb056818-5b81-466f-81ee-916058d34af2
