Cryptographic Key Vulnerability in AWS SDK for PHP by Amazon
CVE-2025-14761

6MEDIUM

Key Information:

Vendor

Aws

Status
Aws Sdk For PHP
Vendor
CVE Published:
17 December 2025

What is CVE-2025-14761?

The AWS SDK for PHP features an issue related to the commitment of cryptographic keys which can potentially enable a user with write permissions to an S3 bucket to generate a new Encrypted Data Key (EDK). This issue arises when the EDK's encrypted data key is stored in an 'instruction file' rather than integrated into S3's metadata, leading to possible exposure of different plaintext upon decryption. It is recommended that users upgrade to AWS SDK for PHP version 3.368.0 or later to address these vulnerabilities effectively.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

AWS SDK for PHP 3.368.0

References

https://aws.amazon.com/security/security-bulletins/AWS-20...
vendor-advisory
https://github.com/aws/aws-sdk-php/security/advisories/GH...
third-party-advisory
https://github.com/aws/aws-sdk-php/releases/tag/3.368.0
patch

CVSS V4

Score:
6
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.