CVE-2025-0693 — Vulnetix

CVE-2025-0693 PUBLISHED CVSS 5.300000190734863 MEDIUM

Variable response times in the AWS Sign-in IAM user login flow allowed for the use of brute force enumeration techniques to identify valid IAM usernames in an arbitrary AWS account.

EPSS 0.15% · 35.2th percentile

Risk Scores

CVSS 3.1

5.300000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS Score

0.15%

35.2th percentile

Affected Products

Vendor	Product	Versions
AWS	AWS Sign-in IAM Login Flow	N/A

Exploit Intelligence

CIRCL seen: CVE-2025-0693 (circl-sighting)
CIRCL seen: CVE-2025-0693 (circl-sighting)
CIRCL seen: CVE-2025-0693 (circl-sighting)
CIRCL seen: CVE-2025-0693 (circl-sighting)
CIRCL seen: CVE-2025-0693 (circl-sighting)
CIRCL seen: CVE-2025-0693 (circl-sighting)
CIRCL seen: CVE-2025-0693 (circl-sighting)
CIRCL seen: CVE-2025-0693 (circl-sighting)
CIRCL seen: CVE-2025-0693 (circl-sighting)
CIRCL seen: CVE-2025-0693 (circl-sighting)

…and 1 more exploits

Timeline

Jan 23, 2025 Coalition ESS Score
Jan 23, 2025 CVE ID Reserved
Jan 23, 2025 CVE Published
Jan 23, 2025 PoC Published
Jan 23, 2025 PoC Published
Jan 23, 2025 PoC Published
Jan 24, 2025 EPSS Score
Feb 8, 2025 EPSS Score
Feb 11, 2025 PoC Published
Feb 11, 2025 PoC Published
Feb 11, 2025 PoC Published
Feb 12, 2025 PoC Published

References

https://aws.amazon.com/security/security-bulletins/AWS-2025-002/ vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2025-0693 advisory
https://aws.amazon.com/security/security-bulletins/AWS-2025-002 url

Open in Interactive Console →