CVE-2025-1969

MEDIUM5.3

Request approval spoofing in Temporary Elevated Access Management (TEAM) for AWS IAM Identity Center

Published Mar 4, 2025

Modified 3 months ago

No fix available

Details

Improper request input validation in Temporary Elevated Access Management (TEAM) for AWS IAM Identity Center allows a user to modify a valid request and spoof an approval in TEAM.

Upgrade TEAM to the latest release v.1.2.2. Follow instructions in updating TEAM documentation for updating process

References

ADVISORYhttps://aws.amazon.com/security/security-bulletins/AWS-2025-004/FIXhttps://github.com/aws-samples/iam-identity-center-team/releases/tag/v1.2.2 ADVISORYhttps://github.com/aws-samples/iam-identity-center-team/security/advisories/GHSA-x9xv-r58p-qh86 ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2025-1969

CVSS Analysis

CVSS v4.0

5.3

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Attack Requirements

NoneAT:N

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Vulnerable System

Vuln. Confidentiality

NoneVC:N

Vuln. Integrity

LowVI:L

Vuln. Availability

NoneVA:N

Subsequent System

Subseq. Confidentiality

NoneSC:N

Subseq. Integrity

NoneSI:N

Subseq. Availability

NoneSA:N

5.3/CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Weakness Type (CWE)

Other

CWE-807

Ecosystems

Timeline

PublishedMar 4, 2025

ModifiedOct 14, 2025