Use of a Broken or Risky Cryptographic Algorithm

CVE-2025-14762

Medium

6/10

Summary

Missing cryptographic key commitment in the AWS SDK for Ruby may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To mitigate this issue, upgrade AWS SDK for Ruby to version 1.208.0 or later.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.

References

Advisory
Release Note
Pull request

Advisory Timeline

Published Dec 17, 2025

Use of a Broken or Risky Cryptographic Algorithm

CVE-2025-14762

Summary

CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS