vulnerability

Amazon Linux 2023: CVE-2025-47914: Medium priority package update for runfinch-finch (Multiple Advisories)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:N/A:P)	Nov 19, 2025	Jan 12, 2026	Jan 12, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:P)

Published

Nov 19, 2025

Added

Jan 12, 2026

Modified

Jan 12, 2026

Description

SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.

Solutions

amazon-linux-2023-upgrade-amazon-cloudwatch-agentamazon-linux-2023-upgrade-runfinch-finch

References

CVE-2025-47914
https://attackerkb.com/topics/CVE-2025-47914
URL-https://alas.aws.amazon.com/AL2023/ALAS-2025-1336.html
URL-https://alas.aws.amazon.com/AL2023/ALAS-2025-1358.html
CWE-125

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today