CVE-2025-1969 — Vulnetix

CVE-2025-1969 PUBLISHED CVSS 4.300000190734863 MEDIUM

Improper request input validation in Temporary Elevated Access Management (TEAM) for AWS IAM Identity Center allows a user to modify a valid request and spoof an approval in TEAM. Upgrade TEAM to the latest release v.1.2.2. Follow instructions in updating TEAM documentation for updating process

EPSS 0.30% · 53.2th percentile

Risk Scores

CVSS 3.1

4.300000190734863

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS Score

0.30%

53.2th percentile

Affected Products

Vendor	Product	Versions
AWS	Temporary Elevated Access Management (TEAM) for AWS IAM Identity Center	0

Exploit Intelligence

CIRCL seen: CVE-2025-1969 (circl-sighting)
CIRCL seen: CVE-2025-1969 (circl-sighting)
https://github.com/aws-samples/iam-identity-center-team/security/advisories/GHSA-x9xv-r58p-qh86 (circl)
https://aws.amazon.com/security/security-bulletins/AWS-2025-004/ (circl)
https://github.com/aws-samples/iam-identity-center-team/releases/tag/v1.2.2 (circl)

Timeline

Mar 4, 2025 Coalition ESS Score
Mar 4, 2025 CVE ID Reserved
Mar 4, 2025 CVE Published
Mar 5, 2025 EPSS Score
Mar 5, 2025 PoC Published
Mar 6, 2025 PoC Published
Mar 19, 2025 EPSS Score
Apr 2, 2025 EPSS Score
Apr 15, 2025 EPSS Score
Apr 29, 2025 EPSS Score
May 13, 2025 EPSS Score
May 27, 2025 EPSS Score

References

https://github.com/aws-samples/iam-identity-center-team/security/advisories/GHSA-x9xv-r58p-qh86 third-party-advisory
https://aws.amazon.com/security/security-bulletins/AWS-2025-004/ vendor-advisory
https://github.com/aws-samples/iam-identity-center-team/releases/tag/v1.2.2 patch

Open in Interactive Console →