CVE-2025-14761

Description

AWS SDK for PHP's S3 Encryption Client has a Key Commitment Issue

Predictions

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

References

• https://github.com/aws/aws-sdk-php/security/advisories/GHSA-x8cp-jf6f-r4xh
• https://nvd.nist.gov/vuln/detail/CVE-2025-14761
• https://github.com/aws/aws-sdk-php/commit/6827cac70397dca07e6e86f7cf630954ec2bc6bf
• https://aws.amazon.com/security/security-bulletins/AWS-2025-032
• https://github.com/FriendsOfPHP/security-advisories/blob/master/aws/aws-sdk-php/CVE-2025-14761.yaml
• https://github.com/aws/aws-sdk-php
• https://github.com/aws/aws-sdk-php/releases/tag/3.368.0