What is the severity of CVE-2025-0508?

The severity of CVE-2025-0508 is critical due to the potential for workflow replacement from duplicate MD5 hash collisions.

How do I fix CVE-2025-0508?

To fix CVE-2025-0508, developers should implement stronger hash functions instead of MD5 in their workflows.

What products are affected by CVE-2025-0508?

CVE-2025-0508 affects all versions of the Amazon SageMaker Workflow component of the aws/sagemaker-python-sdk.

What could happen if CVE-2025-0508 is exploited?

Exploitation of CVE-2025-0508 could lead to corrupted workflows and unwanted replacements due to hash collisions.

How can I determine if my system is vulnerable to CVE-2025-0508?

To determine if your system is vulnerable to CVE-2025-0508, check if you are using the affected versions of the SageMaker Workflow in your workflows.

Vulnerability/
CVE-2025-0508

medium

5.9

CWE

440

20/3/2025

21/3/2025

CVE-2025-0508: MD5 Hash Collision in SageMaker Workflow in aws/sagemaker-python-sdk

First published: Thu Mar 20 2025(Updated: )

A vulnerability in the SageMaker Workflow component of aws/sagemaker-python-sdk allows for the possibility of MD5 hash collisions in all versions. This can lead to workflows being inadvertently replaced due to the reuse of results from different configurations that produce the same MD5 hash. This issue can cause integrity problems within the pipeline, potentially leading to erroneous processing outcomes.

Credit: security@huntr.dev

Affected Software	Affected Version	How to fix
Amazon SageMaker Workflow	<=
pip/sagemaker	<2.237.3	2.237.3

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2025-0508?
The severity of CVE-2025-0508 is critical due to the potential for workflow replacement from duplicate MD5 hash collisions.
How do I fix CVE-2025-0508?
To fix CVE-2025-0508, developers should implement stronger hash functions instead of MD5 in their workflows.
What products are affected by CVE-2025-0508?
CVE-2025-0508 affects all versions of the Amazon SageMaker Workflow component of the aws/sagemaker-python-sdk.
What could happen if CVE-2025-0508 is exploited?
Exploitation of CVE-2025-0508 could lead to corrupted workflows and unwanted replacements due to hash collisions.
How can I determine if my system is vulnerable to CVE-2025-0508?
To determine if your system is vulnerable to CVE-2025-0508, check if you are using the affected versions of the SageMaker Workflow in your workflows.

agent/title
agent/weakness
agent/description
agent/type
agent/first-publish-date
agent/guess-ai
agent/software-canonical-lookup
collector/nvd-api
source/NVD
agent/author
agent/severity
collector/github-advisory-latest
source/GitHub
alias/GHSA-32g6-mg92-ghm2
alias/CVE-2025-0508
agent/source
agent/references
agent/last-modified-date
agent/softwarecombine
agent/event
collector/nvd-cve
agent/tags
collector/mitre-cve
source/MITRE
collector/github-advisory
vendor/amazon
canonical/amazon sagemaker workflow
package-manager/pip

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.