216.73.217.86

CVE-2025-14503

· Published 15/12/2025 20:15 · Modified 17/12/2025 00:15

Labels: CVE-2025-14503 2025-12-15CVE-2025-14503ff89ba41-3aa1-4d27-914a-91399e9639e5

Essential information

Published
15/12/2025 20:15
Modified
17/12/2025 00:15
Author
Creator
CVSS
8.6 HIGH (v3) 8.6 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

An overly-permissive IAM trust policy in the Harmonix on AWS framework may allow IAM principals in the same AWS account to escalate privileges via role assumption. The sample code for the EKS environment provisioning role is configured to trust the account root principal, which may enable any IAM principal in the same AWS account with sts:AssumeRole permissions to assume the role with administrative privileges. We recommend customers upgrade to Harmonix on AWS v0.4.2 or later if you have deployed the framework using versions v0.3.0 through v0.4.1.

NVD status

Status
Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source
ff89ba41-3aa1-4d27-914a-91399e9639e5
NVD
View on NVD

References