Insecure deserialization in the Amazon Braket SDK job results processing component can allow a remote authenticated user who has S3 write access to the job output bucket to execute arbitrary code on any system that processes those results. The flaw is a classic deserialization weakness (CWE‑502) that compromises confidentiality, integrity, and availability by enabling code execution without further interaction with the SDK consumer. The vulnerability is limited to machines that consume job results and would not affect users who never read or process these outputs on local infrastructure.

The affected product is the AWS Amazon Braket Python SDK, specifically any deployment using a version prior to 1.117.0. The SDK itself is identified by the CNA vendor product list and the CPE string, and any installation of this SDK that processes job results from S3 output buckets is impacted.

The CVSS score of 7.5 marks this flaw as high severity. Because the EPSS score is not available, the exact likelihood of exploitation is unknown, and the vulnerability is not listed in CISA’s KEV catalog, there is no evidence of widespread exploitation yet. The attack vector is remote but requires an authenticated session with permission to write to the job output bucket; once that permission is granted, an attacker can achieve code execution on systems that read and process the stored job results. No additional privileges are required beyond the S3 write access, making the requirement terminal for the exploit.