CNNVD-202512-3240 Information

CNNVD ID

CNNVD-202512-3240

Related CVE

CVE-2025-14760

• CNNVD Published: 2025-12-17

Description (Chinese)

AWS SDK for C++是Amazon Web Services开源的一个C++的开发者工具包 AWS SDK for C++存在安全漏洞，该漏洞源于缺少加密密钥承诺，可能导致具有S3存储桶写入权限的用户引入新的EDK，解密出不同的明文。

Description (English)

AWS SDK for C++ is a C++ development toolkit for Amazon Web Services open source AWS SDK for C++ has a security loophole, which stems from a lack of encryption key commitments, which could lead to new EDKs being introduced by users with S3 cans with write permission to decrypt different specifications.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Amazon Web Services

Published

2025-12-17

Last Modified

2026-02-24

References

https://aws.amazon.com/security/security-bulletins/AWS-2025-032/ https://github.com/aws/aws-sdk-cpp/releases/tag/1.11.712 https://github.com/aws/aws-sdk-cpp/security/advisories/GHSA-792f-r46x-r7gm

Patch

https://github.com/aws/aws-sdk-cpp/tags