PT-2025-33036 · Amazon · Amazon Emr
Published: 2025-08-13 · Updated: 2026-01-12 · CVE-2025-8904
CVSS v3.1: 8.5 (High)
Vector: AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Amazon EMR versions 6.10 through 7.4
Amazon EMR version 7.5 and higher
Description:
Amazon EMR Secret Agent creates a keytab file containing Kerberos credentials. This file is stored in the /tmp/ directory. A user with access to this directory and another account can potentially decrypt the keys and escalate to higher privileges.
Recommendations:
Upgrade to Amazon EMR version 7.5 or higher.
For Amazon EMR releases between 6.10 and 7.4, run the bootstrap script and RPM files with the fix provided by the vendor.
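To check a node for the condition in the Description, the following added example (not vendor code and not part of the original advisory) walks /tmp and lists files in Kerberos keytab format with their owner and mode. The advisory gives neither the file name nor its permissions, so identifying keytabs by the 0x05 0x01 / 0x05 0x02 header bytes and flagging group- or world-readable files are assumptions of this example.

```python
import os
import stat

# MIT Kerberos keytab files start with 0x05 followed by a format version (1 or 2).
# Matching on this header instead of a file name is an assumption of this example.
KEYTAB_MAGICS = (b"\x05\x01", b"\x05\x02")


def is_keytab(path):
    """Return True if the file starts with a keytab header."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) in KEYTAB_MAGICS
    except OSError:
        return False  # unreadable from this account or removed mid-scan


def find_keytabs(root="/tmp"):
    """Walk root and return one finding per regular file in keytab format."""
    findings = []
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: symlinks are skipped, not followed
            except OSError:
                continue
            if not stat.S_ISREG(st.st_mode) or not is_keytab(path):
                continue
            findings.append({
                "path": path,
                "uid": st.st_uid,
                "mode": oct(stat.S_IMODE(st.st_mode)),
                # Assumption: group/other read bits are the first thing to triage,
                # since they let other local accounts copy the key material.
                "exposed": bool(st.st_mode & (stat.S_IRGRP | stat.S_IROTH)),
            })
    return findings


if __name__ == "__main__":
    for f in find_keytabs():
        flag = "EXPOSED" if f["exposed"] else "owner-only"
        print(f"{f['path']} uid={f['uid']} mode={f['mode']} {flag}")
```

Run it as root so that keytabs owned by other accounts can be opened and classified; files the scanning account cannot read are silently skipped.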
Fix
LPE
Affected Products
Amazon Emr