See also our updated, more detailed story of July 29 .

A hacker accessed two AWS source code repositories by exploiting a zero day in its AWS CodeBuild managed service, AWS confirmed early Saturday.

That vulnerability, now allocated CVE-2025-8217, let an attacker “extract the source code repository (e.g. GitHub, BitBucket, or GitLab) access token through a memory dump within the CodeBuild build environment,” it said.

Get the full story: Subscribe for free

Join peers managing over $100 billion in annual IT spend and subscribe to unlock full access to The Stack’s analysis and events.

Subscribe now

Already a member? Sign in