TEAM Improper Input Validation in AWS IAM Identity Center v1.2.2
CVE-2025-1969 Published on March 4, 2025
Request approval spoofing in Temporary Elevated Access Management (TEAM) for AWS IAM Identity Center
Improper request input validation in Temporary Elevated Access Management (TEAM) for AWS IAM Identity Center allows a user to modify a valid request and spoof an approval in TEAM.
Upgrade TEAM to the latest release v.1.2.2. Follow instructions in updating TEAM documentation for updating process
Vulnerability Analysis
CVE-2025-1969 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.
Weakness Type
Reliance on Untrusted Inputs in a Security Decision
The application uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism.
Products Associated with CVE-2025-1969
Want to know whenever a new CVE is published for Amazon Aws? stack.watch will email you.
Affected Versions
Temporary Elevated Access Management (TEAM) for AWS IAM Identity Center:- Before 1.2.2 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.