Aqua Security researchers identified these high-risk default roles across multiple AWS services, including SageMaker, Glue, and EMR, as well as in popular open-source projects like Ray. Researchers demonstrated that simply importing a malicious model from Hugging Face into SageMaker could trigger code execution under a highly privileged role. Security researchers have uncovered a serious vulnerability in AWS cloud environments where default configurations can silently create dangerous attack paths. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. This previously underestimated risk stems not from user-created misconfigurations but from AWS’s own default settings that automatically deploy overly permissive IAM roles across several services. These “shadow roles,” often created during initial service setup, grant excessive permissions that attackers can exploit to escalate privileges and potentially compromise entire AWS accounts. This permission doesn’t just expose stored data – it enables attackers to manipulate internal behavior of numerous AWS services that rely on S3 for essential assets like scripts, configuration files, and templates. The malicious code then leverages the broad S3 permissions to compromise other services, potentially leading to complete account takeover. The team demonstrated how these roles, originally intended for narrow service-specific use, can be weaponized to perform administrative actions and break isolation boundaries between services. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. The vulnerability centers primarily around default roles that include the AmazonS3FullAccess policy or equivalent broad S3 permissions. If any role in an AWS account has AmazonS3FullAccess, it effectively has read/write access to every S3 bucket and, by extension, the ability to tamper with multiple AWS services. When a Hugging Face model containing an inference.py file is imported, SageMaker automatically executes this code even if trust_remote_code=False.
This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 30 Apr 2025 15:10:23 +0000