Critical CVE‑2025‑4318: RCE In AWS Amplify Studio via Unsafe UI Code Evaluation – PoC Out Now

A critical security flaw, identified as CVE-2025-4318, has been discovered in AWS Amplify Studio’s @aws-amplify/codegen-ui package, putting countless Node.js environments at risk of remote code execution.

This vulnerability, which affects versions up to and including 2.20.2, arises from the unfiltered evaluation of user-supplied JavaScript expressions within component property schemas.

The package, a foundational tool for visually composing and exporting React components, allows users to define dynamic behavior such as labels, placeholders, and validation rules directly in JSON-based schemas.

Ideally, such flexibility should be accompanied by strong checks to prevent code injection.

However, in these vulnerable versions, the package evaluates these strings as full-fledged JavaScript without any form of input validation or context restriction.

The technical root of the issue lies in the way the evaluateExpression function processed property expressions.

Instead of limiting the scope or validating input, the code employed direct dynamic execution using the eval function.

For example, the original implementation simply returned eval(expression), treating any incoming string as legitimate code. In collaborative or automated design settings, this trusting approach is hazardous.

It meant that anyone with access to update or suggest component schemas could inject harmful code that would be executed in critical environments including local developer machines, cloud CI/CD pipelines, or production servers.

With Node.js, the risks are especially acute because attackers can access powerful modules like child_process or fs, potentially leading to sensitive data leaks, privilege escalation, or complete system compromise.

Consider a scenario in which a malicious actor submits a seemingly ordinary component with a property such as “value”: “require(‘child_process’).execSync(‘touch /tmp/rce-success’)”.

When rendered or processed by the vulnerable codegen-ui, this expression is evaluated and the attacker’s command is executed with the privileges of the Node.js process.

This is not just theoretical; researchers demonstrated a real-world exploit by setting up a local Amplify Studio project, crafting a schema with the above payload, and verifying that arbitrary shell commands could be run simply by processing the schema.

This highlights a systemic risk for any team sharing amplification schemas or relying on third-party UI templates.

AWS Responds: Patch Strategies And Security Lessons

Upon notification from the security community, AWS moved quickly to release version 2.20.3 of @aws-amplify/codegen-ui, addressing the vulnerability with a series of decisive changes.

The patch replaces the unsafe eval approach with a combination of sandboxed function execution and expression blacklisting.

• Now, before any property expression is evaluated, the code checks for the presence of dangerous keywords such as require, process, child_process, global, eval, and Function.
• Any expression containing those patterns is immediately blocked and throws an error, preventing even the attempted execution of potentially harmful code.
• The revised execution context also uses strict mode to further reduce attack surface, and the code is wrapped to avoid granting access to local or global objects beyond what’s strictly necessary for UI logic.

This event is a powerful warning for all developers and vendors building low-code or no-code solutions.

The ability to inject and run dynamic code is often marketed as a feature but, if not vigilantly secured, it becomes a vector for devastating attacks.

Vendors must never trust inputs that are ultimately executed in privileged contexts, must avoid dynamic evaluation constructs such as eval and Function for user-driven data, and must implement rigorous input validation and blacklisting.

Rapid patching and dependency auditing are also essential, as wide-ranging automation and cloud-native development practices mean vulnerabilities can propagate quickly through an organization.

Teams using Amplify Studio or similar tools are strongly urged to review their workflows, immediately upgrade to the fixed version of the package, and audit any custom component schemas for unsafe dynamic logic.

The broader lesson for the industry is that flexibility and developer convenience must never come at the expense of security, especially when designing tools that bridge the gap between user input and executable code.