CVE-2025-68119 (HIGH): detected in Lambda Docker Images. #400

@the-lambda-watchdog

CVE Details

  • CVE ID: CVE-2025-68119
  • Severity: HIGH
  • Affected Package: libcap
  • Installed Version: 2.73-1.amzn2023.0.5
  • Fixed Version: 2.73-1.amzn2023.0.6
  • Date Published: 2026-01-28T20:16:11.443Z
  • Date of Scan: 2026-02-08T10:18:18.781547626Z

Affected Docker Images

Image Name SHA
public.ecr.aws/lambda/provided:latest public.ecr.aws/lambda/provided@sha256:b552c8a6a9439ade38fc00160b6827ba73f233865b44c75ca66b7d3069b21bd8
public.ecr.aws/lambda/provided:al2023 public.ecr.aws/lambda/provided@sha256:b552c8a6a9439ade38fc00160b6827ba73f233865b44c75ca66b7d3069b21bd8
public.ecr.aws/lambda/python:latest public.ecr.aws/lambda/python@sha256:c298670d11e7ef1f2ef63357da84c3dbf5176f25b1e8bac43410c4a8f6626fc0
public.ecr.aws/lambda/python:3.14 public.ecr.aws/lambda/python@sha256:426f35313ef4bd78b9ec159301e619c7708b49b22f47e9525763feb773984984
public.ecr.aws/lambda/python:3.13 public.ecr.aws/lambda/python@sha256:c298670d11e7ef1f2ef63357da84c3dbf5176f25b1e8bac43410c4a8f6626fc0
public.ecr.aws/lambda/python:3.12 public.ecr.aws/lambda/python@sha256:5787d35f17fa738e8409f93e591243e80ab03e614d62bc850c0deca2b1065896
public.ecr.aws/lambda/nodejs:latest public.ecr.aws/lambda/nodejs@sha256:1fe9b37355be76d42678e1ce967437f66a38fb36bc7685c50ee5d05f7bce754b
public.ecr.aws/lambda/nodejs:24 public.ecr.aws/lambda/nodejs@sha256:1d103fa43ec950fec9f0a2f678ece499dd58276a45cbbac52e2ae2d8511ac9ab
public.ecr.aws/lambda/nodejs:22 public.ecr.aws/lambda/nodejs@sha256:1fe9b37355be76d42678e1ce967437f66a38fb36bc7685c50ee5d05f7bce754b
public.ecr.aws/lambda/nodejs:20 public.ecr.aws/lambda/nodejs@sha256:4755182a6b9bbb8d713cb585038a8c100012c03fde73af4136e97ff0506f9f16
public.ecr.aws/lambda/java:latest public.ecr.aws/lambda/java@sha256:82e9a3bdee92873a90a65186e987af72f5256a3fbd432dc32d3ed92eb5f1f4e0
public.ecr.aws/lambda/java:25 public.ecr.aws/lambda/java@sha256:0d37d120a6dab8b2972e07bcf552c37b1bbb9140ce4f1faa13890f1e5fdb7cef
public.ecr.aws/lambda/java:21 public.ecr.aws/lambda/java@sha256:82e9a3bdee92873a90a65186e987af72f5256a3fbd432dc32d3ed92eb5f1f4e0
public.ecr.aws/lambda/dotnet:latest public.ecr.aws/lambda/dotnet@sha256:de9a13b0c6b1aca3e09a91e58bbc53a4ac20075019fb53f64984e1a344acaf32
public.ecr.aws/lambda/dotnet:10 public.ecr.aws/lambda/dotnet@sha256:291f2b667e980bceefc3041dd95941b782a0deb3364bb4c5d1a656451f482e3a
public.ecr.aws/lambda/dotnet:9 public.ecr.aws/lambda/dotnet@sha256:de9a13b0c6b1aca3e09a91e58bbc53a4ac20075019fb53f64984e1a344acaf32
public.ecr.aws/lambda/dotnet:8 public.ecr.aws/lambda/dotnet@sha256:5aba1ce4e38cf4989df306c981c86b9b1f187d113cbc1d6e211c391d0d94fd62
public.ecr.aws/lambda/ruby:latest public.ecr.aws/lambda/ruby@sha256:2acb6aa2ac8390e4cd116d6925ef0201afd2aa8954cf471e981c06236a676276
public.ecr.aws/lambda/ruby:3.4 public.ecr.aws/lambda/ruby@sha256:2acb6aa2ac8390e4cd116d6925ef0201afd2aa8954cf471e981c06236a676276
public.ecr.aws/lambda/ruby:3.3 public.ecr.aws/lambda/ruby@sha256:6a65570479fdb0d7fab7dd755d256b016624678e946c4fbacaade01c0923fb54

Description

Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. This issue can also be triggered by providing a malicious version string to the toolchain. On systems with Git installed, downloading and building modules with malicious version strings can allow an attacker to write to arbitrary files on the filesystem. This can only be triggered by explicitly providing the malicious version strings to the toolchain and does not affect usage of @latest or bare module paths.


Remediation Steps

  • Update the affected package libcap from version 2.73-1.amzn2023.0.5 to 2.73-1.amzn2023.0.6.

About this issue

  • This issue may not contain all the information about the CVE nor the images it affects.
  • This issue will not be updated with new information and the list of affected images may have changed since the creation of this issue.
  • For more, visit Lambda Watchdog.
  • This issue was created automatically by Lambda Watchdog.
