Amazon Web Services (AWS) has addressed a critical security flaw (CVE-2025-4318) in its AWS Amplify Studio platform, which could have allowed authenticated attackers to execute malicious JavaScript code during component rendering.
The vulnerability, publicly disclosed on May 5, 2025, affects the amplify-codegen-ui package, a core tool for generating front-end code in Amplify Studio.
https://gbhackers.com/critical-aws-amplify-studio-flaw/