Key Commitment Issues in S3 Encryption Clients

2025 032 · 2026-06-05

Technical Details

Affected Versions: <= 3.5.0 (Java), <= 3.1.0 (Go), <= 3.1 (.NET), <= 1.11.711 (C++), <= 3.367.0 (PHP), <= 1.207.0 (Ruby)
Regions: all
CVE IDs: CVE-2025-14763, CVE-2025-14764, CVE-2025-14759, CVE-2025-14760, CVE-2025-14761, CVE-2025-14762
Migration Required: Yes
Cost Impact: Neutral
IaC Impact: High

What This Means

For DevOps Teams

Update your S3 Encryption Client libraries to the latest versions to resolve key commitment issues and protect against potential security threats, ensuring compatibility with existing and new encrypted data.

For Platform Teams

Integrate the updated S3 Encryption Clients into your platform to enhance security and maintain data integrity, leveraging the new key commitment feature to cryptographically bind encrypted data keys to ciphertext.

For Executives

Implement the latest S3 Encryption Client updates to mitigate security risks and ensure data integrity, addressing vulnerabilities that could lead to unauthorized key replacement attacks.

Source

View original AWS announcement →
