CVE-2025-14764

CVSS 5.3 · Medium EPSS 0.01% · P2 Updated Dec 18, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-14764

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

Missing cryptographic key commitment in the Amazon S3 Encryption Client for Go may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgrade Amazon S3 Encryption Client for Go to version 4.0 or later.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

使用已被攻破或存在风险的密码学算法

Source: NVD (National Vulnerability Database)

Vulnerability Title

Amazon S3 Encryption Client 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Amazon S3 Encryption Client是Amazon Web Services开源的一个客户端加密库。 Amazon S3 Encryption Client存在安全漏洞，该漏洞源于缺少加密密钥承诺，可能导致具有S3存储桶写入权限的用户引入新的EDK，解密出不同的明文。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
AWS	S3 Encryption Client for Go	-	-

II. Public POCs for CVE-2025-14764

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-14764

请登录查看更多情报信息。

Same Patch Batch · AWS · 2025-12-17 · 6 CVEs total

CVE-2025-14760	5.3 MEDIUM	AWS SDK for C++ 安全漏洞
CVE-2025-14759	5.3 MEDIUM	Amazon S3 Encryption Client for .NET 安全漏洞
CVE-2025-14763	5.3 MEDIUM	Amazon S3 Encryption Client 安全漏洞
CVE-2025-14762	5.3 MEDIUM	AWS SDK for Ruby 安全漏洞
CVE-2025-14761	5.3 MEDIUM	Amazon AWS SDK for PHP 安全漏洞

IV. Related Vulnerabilities

Same vendor: AWS

Same weakness: CWE-327

V. Comments for CVE-2025-14764

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2025-14764

I. Basic Information for CVE-2025-14764

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2025-14764

III. Intelligence Information for CVE-2025-14764

Same Patch Batch · AWS · 2025-12-17 · 6 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2025-14764

Leave a comment