Normj

#11441of 53,624
24Total CVSS
Vulnerabilities · 4
Medium
4
PT-2025-51880
6.0
2025-12-17
Amazon · Amazon S3 Encryption Client For .Net · CVE-2025-14759
**Name of the Vulnerable Software and Affected Versions** Amazon S3 Encryption Client for .NET versions prior to 3.2.0 **Description** A flaw exists in the Amazon S3 Encryption Client for .NET where a missing cryptographic key commitment could allow a user with write access to an S3 bucket to introduce a new encryption data key (EDK) that decrypts to different plaintext. This is possible when the encrypted data key is stored in an instruction file instead of S3’s metadata record. **Recommendations** Upgrade Amazon S3 Encryption Client for .NET to version 3.2.0 or later.
PT-2025-51881
6.0
2025-12-17
Amazon Web Services · Aws Sdk For C++ · CVE-2025-14760
**Name of the Vulnerable Software and Affected Versions** AWS SDK for C++ versions prior to 1.11.712 **Description** A missing cryptographic key commitment in the AWS SDK for C++ could allow a user with write access to an S3 bucket to introduce a new encryption data key (EDK) that decrypts to different plaintext. This is possible when the encrypted data key is stored in an instruction file instead of S3’s metadata record. **Recommendations** Upgrade AWS SDK for C++ to version 1.11.712 or later.
PT-2025-51882
6.0
2025-12-17
Amazon Web Services · Aws Sdk For Php · CVE-2025-14761
**Name of the Vulnerable Software and Affected Versions** AWS SDK for PHP versions prior to 3.368.0 **Description** A missing cryptographic key commitment in the AWS SDK for PHP could allow a user with write access to an S3 bucket to introduce a new Encryption Data Key (EDK) that decrypts to different plaintext. This is possible when the encrypted data key is stored in an instruction file instead of S3’s metadata record. **Recommendations** Upgrade AWS SDK for PHP to version 3.368.0 or later.
PT-2025-51883
6.0
2025-12-17
Amazon Web Services · Aws Sdk For Ruby · CVE-2025-14762
**Name of the Vulnerable Software and Affected Versions** AWS SDK for Ruby versions prior to 1.208.0 **Description** A missing cryptographic key commitment in the AWS SDK for Ruby could allow a user with write access to an S3 bucket to introduce a new encryption data key (EDK) that decrypts to different plaintext. This is possible when the encrypted data key is stored in an instruction file instead of S3’s metadata record. **Recommendations** Upgrade AWS SDK for Ruby to version 1.208.0 or later.