Critical Vulnerability Information

CVE ID: CVE-2025-8904
GHSA ID: GHSA-hf6h-76fm-735v
Severity: Critical (9.0/10)

CVSS v4 Base Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Attack Requirements: Present
- Required Privileges: Low
- User Interaction: None
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High

Description:
Amazon EMR Secret Agent creates a keytab file containing Kerberos credentials. This file is stored in the /tmp/ directory. Users with access to this directory and another account may decrypt the key and escalate privileges. Users are advised to upgrade to Amazon EMR version 7.5 or higher. For Amazon EMR versions 6.10 and 7.4, it is strongly recommended to run a bootstrap script and RPM file with the fix.

Reference Links:
- https://nvd.nist.gov/vuln/detail/CVE-2025-8904
- https://aws.amazon.com/security/security-bulletins/AWS-2025-017
- https://docs.aws.amazon.com/emr/latest/ReleaseGuide/emr-release-app-versions-7.x.html
- GHSA-hf6h-76fm-735v

Publication Date:
- Published on National Vulnerability Database: August 14, 2023
- Published on GitHub Advisory Database: August 14, 2023
- Last Updated: 4 hours ago
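
The description above comes down to Kerberos key material sitting in a shared temporary directory. The following audit check is an added example, not code from the advisory or from AWS. The advisory does not name the keytab file, so the check assumes the standard keytab header (byte 0x05 followed by a format version byte) and matches on content rather than filename. The function names and the sample files in `demo()` are constructed for illustration.

```python
import os
import stat
import tempfile

# Assumption: standard keytab layout, 0x05 followed by format version 0x01 or 0x02.
KEYTAB_HEADERS = (b"\x05\x01", b"\x05\x02")

def find_keytabs(root="/tmp"):
    """Return one finding per regular file under root that starts with a keytab header."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
                if not stat.S_ISREG(st.st_mode):
                    continue  # skip symlinks, sockets and FIFOs
                with open(path, "rb") as fh:
                    header = fh.read(2)
            except OSError:
                continue  # unreadable to the auditing user, or removed mid-scan
            if header not in KEYTAB_HEADERS:
                continue
            mode = stat.S_IMODE(st.st_mode)
            findings.append({
                "path": path,
                "uid": st.st_uid,
                "mode": oct(mode),
                "readable_by_others": bool(mode & (stat.S_IRGRP | stat.S_IROTH)),
            })
    return findings

def demo():
    """Constructed sample: two files with a keytab header and one plain file."""
    samples = [
        ("loose.keytab", b"\x05\x02" + b"\x00" * 16, 0o644),
        ("tight.keytab", b"\x05\x02" + b"\x00" * 16, 0o600),
        ("notes.txt", b"not a keytab", 0o644),
    ]
    with tempfile.TemporaryDirectory() as d:
        for name, data, mode in samples:
            p = os.path.join(d, name)
            with open(p, "wb") as fh:
                fh.write(data)
            os.chmod(p, mode)
        return sorted((os.path.basename(f["path"]), f["readable_by_others"])
                      for f in find_keytabs(d))

if __name__ == "__main__":
    for finding in find_keytabs("/tmp"):
        print(finding)
```

Run it as root on a cluster node so that files owned by other accounts are not skipped; any finding under /tmp on an unpatched release is worth reviewing, and `readable_by_others` marks the ones other local accounts can read.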