6
CVE-2025-14761
- EPSS 0.01%
- Published 17.12.2025 20:13:54
- Last modified 15.04.2026 00:35:42
- Source ff89ba41-3aa1-4d27-914a-91399e
Upgrade AWS SDK for PHP including security fix (upstream)
Missing cryptographic key commitment in the AWS SDK for PHP may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgrade AWS SDK for PHP to version 3.368.0 or later.
Possible countermeasure
Moodle Server: Update to a patched version.
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
- Vendor: AWS
- Product: AWS SDK for PHP
- Default status: unaffected
- Version: 3.368.0
- Status: unaffected
VulnDex Vulnerability Enrichment
Additional vulnerability information
- System: Moodle
- Product: Moodle Server
- Version: < 4.5.0
- Version: >= 5.1.0, < 5.1.4
- Version: >= 5.0.0, < 5.0.7
- Version: >= 4.5.0, < 4.5.11

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.01% | 0.029 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| ff89ba41-3aa1-4d27-914a-91399e9639e5 | 6 | 0 | 0 | CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| ff89ba41-3aa1-4d27-914a-91399e9639e5 | 5.3 | 1.6 | 3.6 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N |

CWE-327 Use of a Broken or Risky Cryptographic Algorithm
The product uses a broken or risky cryptographic algorithm or protocol.