CVE-2025-14761

CVSS 5.3 · Medium EPSS 0.02% · P6 Updated Dec 18, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-14761

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Missing cryptographic key commitment in the AWS SDK for PHP may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgrade AWS SDK for PHP to version 3.368.0 or later

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

使用已被攻破或存在风险的密码学算法

Source: NVD (National Vulnerability Database)

Vulnerability Title

Amazon AWS SDK for PHP 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Amazon AWS SDK for PHP是美国亚马逊（Amazon）公司的一款基于PHP平台的用于Amazon Web Services的软件开发工具包。 Amazon AWS SDK for PHP存在安全漏洞，该漏洞源于缺少加密密钥承诺，可能导致具有S3存储桶写入权限的用户引入新的EDK，解密出不同的明文。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
AWS	AWS SDK for PHP	-	-

II. Public POCs for CVE-2025-14761

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-14761

请登录查看更多情报信息。

https://github.com/aws/aws-sdk-php/releases/tag/3.368.0patch
https://aws.amazon.com/security/security-bulletins/AWS-2025-032/vendor-advisory
https://github.com/aws/aws-sdk-php/security/advisories/GHSA-x8cp-jf6f-r4xhthird-party-advisory
https://nvd.nist.gov/vuln/detail/CVE-2025-14761

Same Patch Batch · AWS · 2025-12-17 · 6 CVEs total

CVE-2025-14760	5.3 MEDIUM	AWS SDK for C++ 安全漏洞
CVE-2025-14759	5.3 MEDIUM	Amazon S3 Encryption Client for .NET 安全漏洞
CVE-2025-14763	5.3 MEDIUM	Amazon S3 Encryption Client 安全漏洞
CVE-2025-14764	5.3 MEDIUM	Amazon S3 Encryption Client 安全漏洞
CVE-2025-14762	5.3 MEDIUM	AWS SDK for Ruby 安全漏洞

IV. Related Vulnerabilities

Same vendor: AWS

Same weakness: CWE-327

V. Comments for CVE-2025-14761

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2025-14761

I. Basic Information for CVE-2025-14761

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2025-14761

III. Intelligence Information for CVE-2025-14761

Same Patch Batch · AWS · 2025-12-17 · 6 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2025-14761

Leave a comment