ByteOS Network

NVD Vulnerability Details :

CVE-2025-14763

Awaiting Analysis

Source-ff89ba41-3aa1-4d27-914a-91399e9639e5

Published At-17 Dec, 2025 | 21:15

Updated At-18 Dec, 2025 | 15:07

Missing cryptographic key commitment in the Amazon S3 Encryption Client for Java may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgrade Amazon S3 Encryption Client for Java to version 4.0.0 or later.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	6.0	MEDIUM	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary	3.1	5.3	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

Type: Secondary

Version: 4.0

Base score: 6.0

Base severity: MEDIUM

Vector:

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Secondary

Version: 3.1

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

Weaknesses

CWE ID	Type	Source
CWE-327	Secondary	ff89ba41-3aa1-4d27-914a-91399e9639e5

CWE ID: CWE-327

Type: Secondary

Source: ff89ba41-3aa1-4d27-914a-91399e9639e5

References

Hyperlink	Source	Resource
https://aws.amazon.com/security/security-bulletins/AWS-2025-032/	ff89ba41-3aa1-4d27-914a-91399e9639e5	N/A
https://github.com/aws/amazon-s3-encryption-client-java/releases/tag/v4.0.0	ff89ba41-3aa1-4d27-914a-91399e9639e5	N/A
https://github.com/aws/amazon-s3-encryption-client-java/security/advisories/GHSA-x44p-gvrj-pj2r	ff89ba41-3aa1-4d27-914a-91399e9639e5	N/A