CVE-2025-14762
cryptographic bypass vulnerability in aws-sdk-s3 (RubyGems)
What is CVE-2025-14762 About?
This vulnerability in S3 Encryption Client for Ruby allows a cryptographic bypass due to a lack of key commitment when using instruction files. An attacker can replace the encrypted data key (EDK), which may lead to unwanted plaintext. Exploitation requires specific conditions, including permission to upload a rogue instruction file.
Affected Software
Technical Details
The vulnerability occurs in the S3 Encryption Client for Ruby when an Encrypted Data Key (EDK) is stored in an 'Instruction File' rather than S3 metadata. Older versions (<= 1.207.0) lack 'key commitment' in this configuration, allowing a single ciphertext to be decrypted by multiple EDKs. An attacker capable of creating a rogue EDK that decrypts the object to a desired plaintext, and possessing permissions to replace the legitimate instruction file in the S3 bucket with their rogue version, can initiate an 'Invisible Salamanders' attack. Subsequent decryption attempts will then use the attacker's EDK, modifying the perceived plaintext without detection.
What is the Impact of CVE-2025-14762?
Successful exploitation may allow attackers to bypass cryptographic integrity, leading to data manipulation or unauthorized modification of encrypted content without detection.
What is the Exploitability of CVE-2025-14762?
Exploitation is complex, requiring specific access and cryptographic understanding. An attacker must first be able to generate a crafted encrypted data key (EDK) that can successfully decrypt the target ciphertext into a chosen plaintext. Crucially, the attacker must also possess the necessary permissions to upload and replace the existing instruction file in the S3 bucket with their malicious one. This implies an authenticated attacker with write access to the relevant S3 resources. The attack can be considered remote if the attacker gains access to credentials or a compromised system with S3 write privileges. Key risk factors include overly broad IAM policies on S3 buckets, weak access controls, or a lack of integrity monitoring for instruction files.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | ||
What are the Available Fixes for CVE-2025-14762?
Available Upgrade Options
- aws-sdk-s3
- <1.208.0 → Upgrade to 1.208.0
Struggling with dependency upgrades?
See how Resolved Security's drop-in replacements make it simple.
Book a demoAdditional Resources
- https://nvd.nist.gov/vuln/detail/CVE-2025-14762
- https://github.com/aws/aws-sdk-ruby
- https://github.com/aws/aws-sdk-ruby/security/advisories/GHSA-2xgq-q749-89fq
- https://aws.amazon.com/security/security-bulletins/AWS-2025-032
- https://github.com/aws/aws-sdk-ruby/security/advisories/GHSA-2xgq-q749-89fq
- https://rubygems.org/gems/aws-sdk-s3/versions/1.208.0
- https://github.com/aws/aws-sdk-ruby/commit/b633ba10cd2fbc4cc770b76ab531ed9647654044
- https://aws.amazon.com/security/security-bulletins/AWS-2025-032/
- https://rubygems.org/gems/aws-sdk-s3/versions/1.208.0
- https://osv.dev/vulnerability/GHSA-2xgq-q749-89fq
What are Similar Vulnerabilities to CVE-2025-14762?
Similar Vulnerabilities: CVE-2025-14761 , CVE-2021-27513 , CVE-2020-5636 , CVE-2016-1000338 , CVE-2018-0498
