CVE-2025-14503

EPSS 0.04%
Veröffentlicht 15.12.2025 19:45:00
Zuletzt bearbeitet 30.01.2026 17:02:34
Quelle ff89ba41-3aa1-4d27-914a-91399e
CVE-Watchlists
Login
Unerledigt
Login

An overly-permissive IAM trust policy in the Harmonix on AWS framework may allow IAM principals in the same AWS account to escalate privileges via role assumption. The sample code for the EKS environment provisioning role is configured to trust the account root principal, which may enable any IAM principal in the same AWS account with sts:AssumeRole permissions to assume the role with administrative privileges.


We recommend customers upgrade to Harmonix on AWS v0.4.2 or later if you have deployed the framework using versions v0.3.0 through v0.4.1.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Amazon ≫ Harmonix SwPlatformaws Version >= 0.3.0 < 0.4.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.135

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
ff89ba41-3aa1-4d27-914a-91399e9639e5	8.6	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
ff89ba41-3aa1-4d27-914a-91399e9639e5	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-266 Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

https://github.com/awslabs/harmonix/pull/189

Issue Tracking

https://aws.amazon.com/security/security-bulletins/AWS-2025-031/

Patch

Vendor Advisory

https://github.com/awslabs/harmonix/security/advisories/GHSA-qm86-gqrq-mqcw

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-14503

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-14503

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-14503

EUVD