Severity by source
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
8DescriptionCVE.org
Incomplete path traversal fixes in awslabs/tough before tough-v0.22.0 allow remote authenticated users with delegated signing authority to write files outside intended output directories via absolute target names in copy_target/link_target, symlinked parent directories in save_target, or symlinked metadata filenames in SignedRole::write, because write paths trust the joined destination path without post-resolution containment verification.
We recommend you upgrade to tough-v0.22.0 / tuftool-v0.15.0.
Articles & Coverage 1
AnalysisAI
Path traversal vulnerabilities in AWS Tough (a Rust TUF client library) versions prior to 0.22.0 enable authenticated users with delegated signing privileges to write arbitrary files outside intended repository directories, bypassing incomplete fixes from previous security patches. The flaws exist in three distinct code paths: absolute target names in copy_target/link_target operations, symlinked parent directories in save_target, and symlinked metadata filenames in SignedRole::write. AWS has released patches in tough-v0.22.0 and tuftool-v0.15.0 that implement post-resolution path containment verification. No public exploit code or active exploitation confirmed at time of analysis, though CVSS 7.1 HIGH reflects significant integrity impact when exploited.
Technical ContextAI
AWS Tough is a Rust implementation of The Update Framework (TUF), a security framework for software update systems that uses cryptographic signatures and role-based delegation. TUF clients download metadata and target files from repositories while verifying signatures from delegated roles. The vulnerability stems from classic TOCTOU (time-of-check-time-of-use) race conditions in file operations: the code validates that a destination path is within allowed boundaries before symlink resolution, but then writes to the resolved path without re-validating containment. This affects three distinct operations: copy_target and link_target accept absolute paths in target names that bypass relative path validation; save_target follows symlinked parent directories after initial validation; and SignedRole::write trusts symlinked metadata filenames. The root cause maps to CWE-22 (Improper Limitation of a Pathname to a Restricted Directory), specifically the variant where symbolic link resolution occurs after boundary checks. The description notes these are 'incomplete path traversal fixes,' indicating prior CVEs addressed similar issues but missed these attack vectors, suggesting the codebase had partial mitigations that failed under specific conditions.
RemediationAI
Upgrade to AWS Tough 0.22.0 or later and AWS Tuftool 0.15.0 or later, available from GitHub releases (https://github.com/awslabs/tough/releases/tag/tough-v0.22.0 and https://github.com/awslabs/tough/releases/tag/tuftool-v0.15.0) and crates.io (https://crates.io/crates/tough/0.22.0 and https://crates.io/crates/tuftool/0.15.0). The patches implement post-resolution path containment checks that verify destination paths remain within intended directories after symlink resolution. If immediate patching is not feasible, implement compensating controls: restrict delegated signing authority to minimal necessary roles and principals, audit existing delegated role credentials and revoke unnecessary permissions, run TUF repository operations in isolated containers with read-only filesystem mounts outside target directories to limit traversal impact, and monitor file write operations for unexpected paths outside repository boundaries using filesystem audit tools like auditd or osquery (noting this adds operational overhead and may not prevent exploitation, only detect it). Review TUF repository metadata for unauthorized modifications if delegated signers had access during the vulnerability window. These workarounds reduce attack surface but do not eliminate the vulnerability - prioritize vendor-released patches.
The tough library (Rust/crates.io) prior to version 0.7.1 does not properly verify the threshold of cryptographic signat
Tough provides a set of Rust libraries and tools for using and generating the update framework (TUF) repositories. Rated
Metadata integrity bypass in AWS tough (TUF client library) before v0.22.0 allows authenticated users with delegated sig
Tough provides a set of Rust libraries and tools for using and generating the update framework (TUF) repositories. Rated
During a snapshot rollback, the client incorrectly caches the timestamp metadata. Rated medium severity (CVSS 5.7), this
During a target rollback, the client fails to detect the rollback for delegated targets. Rated medium severity (CVSS 5.7
Missing validation of the root metatdata version number could allow an actor to supply an arbitrary version number to th
Missing validation of terminating delegation causes the client to continue searching the defined delegation list, even a
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-25629