CNNVD-202512-3225 Information
CNNVD ID
CNNVD-202512-3225
Related CVE
- CNNVD Published: 2025-12-17
Description (Chinese)
Amazon AWS SDK for PHP是美国亚马逊(Amazon)公司的一款基于PHP平台的用于Amazon Web Services的软件开发工具包。 Amazon AWS SDK for PHP存在安全漏洞,该漏洞源于缺少加密密钥承诺,可能导致具有S3存储桶写入权限的用户引入新的EDK,解密出不同的明文。
Description (English)
Amazon AWS SDK for PHP is a software development toolkit for Amazon Web Services based on the PHP platform of Amazon Amazon Amazon. Amazon AWS SDK for PHP has a security loophole, which stems from a lack of encryption key commitments, which could lead to new EDKs being introduced by users with S3 cans of writing permission to decrypt different specifications.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
亚马逊
Published
2025-12-17
Last Modified
2026-02-24
References
https://aws.amazon.com/security/security-bulletins/AWS-2025-032/ https://github.com/aws/aws-sdk-php/security/advisories/GHSA-x8cp-jf6f-r4xh https://github.com/aws/aws-sdk-php/releases/tag/3.368.0 https://access.redhat.com/security/cve/cve-2025-14761
Patch
https://aws.amazon.com/cn/sdk-for-php/
Share on: