Amazon CISO Confirms Hacker Exploit Used 2 Zero-Day Attacks

ByDavey Winder,

Senior Contributor.

With Black Friday fast approaching, and the security issues surrounding it already making headlines, any mention of Amazon in an exploit story is bound to get the pulse racing. But you can relax, as this isn’t another Amazon Web Services authentication issue, nor a viral, if totally without legitimacy, Amazon Ring hacking claim. So, what then are the CVE-2025-5777 and CVE-2025-20337 zero-day vulnerabilities used in hack attacks by an “advanced threat actor” that the Amazon Threat Intelligence team has newly confirmed? Here’s everything you need to know.

Not all zero-day threat stories are worth getting unduly excited about. Some, such as the CVE-2025-5777 and CVE-2025-20337 zero-days that Amazon has confirmed were used simultaneously in an attempt to access critical identity and network access control infrastructure, however, are a different kettle of pre-authentication attack concern.

Amazon’s chief information security officer and vice president of security engineering, CJ Moses, has published confirmation of an advanced persistent attacker using two separate and previously undisclosed zero-day vulnerabilities in an exploit campaign against those systems used by enterprises to enforce their security policies and manage authentication.

Amazon CISO Confirms Hacker Exploit Used 2 Zero-Day Attacks

Related reading

Microsoft Windows Alert—Angry Hacker Drops 2 New Zero-Day Exploits

Amazon Issues Attack Alert — 300 Million Customers Are At Risk Now

Google says criminals used AI-built zero-day in planned mass hack spree

Amazon Confirms WorkSpaces Linux Client Authentication Issue

Amazon Issues Attack Warning For 300 Million Customers

State-backed hackers hammer Palo Alto firewall zero-day before patch lands