Cybersecurity researchers have disclosed particulars of a now-patched security flaw within the Amazon EC2 Easy Programs Supervisor (SSM) Agent that, if efficiently exploited, may allow an attacker to attain privilege escalation and code execution.
The vulnerability may allow an attacker to create directories in unintended places on the filesystem, execute arbitrary scripts with root privileges, and certain escalate privileges or carry out malicious actions by writing recordsdata to delicate areas of the system, Cymulate mentioned in a report shared with The Hacker Information.

Amazon SSM Agent is a part of Amazon Net Companies (AWS) that allows directors to remotely handle, configure, and execute instructions on EC2 cases and on-premises servers.
The software program processes instructions and duties outlined in SSM Paperwork, which may embody a number of plugins, every of which is chargeable for finishing up particular duties, resembling working shell scripts or automating deployment or configuration-related actions.
What’s extra, the SSM Agent dynamically creates directories and recordsdata primarily based on the plugin specs, sometimes counting on plugin IDs as a part of the listing construction. This additionally introduces a security threat in that improper validation of those plugin IDs can result in potential vulnerabilities.
The invention by Cymulate is a path traversal flaw arising on account of improper validation of plugin IDs, which may enable attackers to control the filesystem and execute arbitrary code with elevated privileges. The difficulty is rooted in a operate named “ValidatePluginId” inside pluginutil.go.
“This operate fails to correctly sanitize enter, permitting attackers to produce malicious plugin IDs containing path traversal sequences (e.g., ../),” security researcher Elad Beber mentioned.

Because of this flaw, an attacker may basically furnish a specifically crafted plugin ID when creating an SSM doc (e.g., ../../../../../../malicious_directory) to execute arbitrary instructions or scripts on the underlying file system, paving the way in which for privilege escalation and different post-exploitation actions.
Following accountable disclosure on February 12, 2025, the vulnerability was addressed on March 5, 2025, with the discharge of Amazon SSM Agent model 3.3.1957.0.
“Add and use BuildSafePath technique to stop path traversal within the orchestration listing,” in accordance with launch notes shared by the venture maintainers on GitHub.