5.3

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-14761

CVE-2025-14761: AWS SDK for PHP's S3 Encryption Client has a Key Commitment Issue

Summary

S3 Encryption Client for PHP is an open-source client-side encryption library used to facilitate writing and reading encrypted records to S3.

When the encrypted data key (EDK) is stored in an "Instruction File" instead of S3's metadata record, the EDK is exposed to an "Invisible Salamanders" attack (https://eprint.iacr.org/2019/016), which could allow the EDK to be replaced with a new key.

Impact

Background - Key Commitment

There is a cryptographic property whereby under certain conditions, a single ciphertext can be decrypted into 2 different plaintexts by using different encryption keys. To address this issue, strong encryption schemes use what is known as "key commitment", a process by which an encrypted message can only be decrypted by one key; the key used to originally encrypt the message.

In older versions of S3EC, when customers are also using a feature called "Instruction File" to store EDKs, key commitment is not implemented because multiple EDKs could be associated to an underlying encrypted message object. For such customers an attack that leverages the lack of key commitment is possible. A bad actor would need two things to leverage this issue: (i) the ability to create a separate, rogue, EDK that will also decrypt the underlying object to produce desired plaintext, and (ii) permission to upload a new instruction file to the S3 bucket to replace the existing instruction file placed there by the user using the S3C. Any future attempt to decrypt the underlying encrypted message with the S3EC will unwittingly use the rogue EDK to produce a valid plaintext message.

Impacted versions: <= 3.367.0

Patches

We are introducing the concept of "key commitment" to S3EC where the EDK is cryptographically bound to the ciphertext in order to address this issue. In order to maintain compatibility for in-flight messages we are releasing the fix in two versions. A code-compatible minor version that can read messages with key-commitment but not write them, and a new major version that can both read and write messages with key-commitment. For maximum safety customers are asked to upgrade to the latest major version: 3.368.0 or later.

Workarounds

There are no workarounds, please upgrade to the suggested version of S3EC.

References

If customeres have any questions or comments about this advisory, AWS SDK for PHP asks that they contact AWS Security via the issue reporting page or directly via email to aws-security@amazon.com. Please do not create a public GitHub issue.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2025-14761

CVE-2025-14761:

5.3

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
aws/aws-sdk-php	composer	< 3.368.0	3.368.0

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability is a key commitment issue within the AWS SDK for PHP's S3 Encryption Client, specifically when using the 'Instruction File' metadata storage strategy. The root cause is that the encryption metadata, including the Encrypted Data Key (EDK), was stored in a separate S3 object (the instruction file) without any cryptographic binding to the actual encrypted content.

An attacker with s3:PutObject permissions could exploit this by replacing the legitimate instruction file with a malicious one containing a rogue EDK. When a user subsequently attempts to decrypt the data via getObject, the following vulnerable workflow is triggered:

Aws\S3\Crypto\InstructionFileMetadataStrategy::load is called to retrieve the encryption metadata. It reads the attacker-controlled instruction file from S3.
The malicious metadata, including the rogue EDK, is passed to the Aws\Crypto\DecryptionTraitV2::decrypt function.
The decrypt function, lacking key commitment validation in affected versions, proceeds to use the attacker's key to decrypt the ciphertext. This allows the attacker to control the resulting plaintext output, a vulnerability known as an 'Invisible Salamanders' attack.

The patch addresses this by introducing S3EncryptionClientV3, which implements key commitment. For V3 objects, critical metadata, including a key commitment hash, is stored in the main S3 object's headers, not the instruction file. The decryption process now involves deriving a commitment key from the original content encryption key and verifying it against the stored hash, ensuring the integrity of the key and preventing this attack.

Vulnerable functions

Aws\S3\Crypto\InstructionFileMetadataStrategy::load

src/S3/Crypto/InstructionFileMetadataStrategy.php

This function is responsible for loading encryption metadata when the 'Instruction File' strategy is used. In vulnerable versions, it fetches and trusts the entire content of the instruction file object from S3. An attacker with s3:PutObject permission could replace this file, allowing them to inject a malicious Encrypted Data Key (EDK) and other metadata, which this function would then load for the decryption process.

Aws\Crypto\DecryptionTraitV2::decrypt

src/Crypto/DecryptionTraitV2.php

This function, used by `S3EncryptionClientV2`, orchestrates the decryption process. It uses the metadata envelope, which may have been loaded from a compromised instruction file, to retrieve the content encryption key (CEK). In vulnerable versions, it does not cryptographically verify that the CEK is the one originally used for encryption. This allows an attacker to substitute a rogue key via a malicious instruction file, leading to the 'Invisible Salamanders' attack where the ciphertext can be decrypted to a different plaintext.

Aws\S3\Crypto\InstructionFileMetadataStrategy::save

src/S3/Crypto/InstructionFileMetadataStrategy.php

This function is part of the vulnerable design. In vulnerable versions, when using the instruction file strategy, it writes all encryption metadata, including the sensitive encrypted data key, to a separate S3 object (the instruction file). This design is what creates the opportunity for an attacker with write permissions to replace the instruction file with a malicious one, setting up the decryption attack.

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

5.3

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2025-14761: AWS SDK for PHP's S3 Encryption Client has a Key Commitment Issue

Summary

Impact

Background - Key Commitment

Patches

Workarounds

References

CVE-2025-14761:

5.3

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Technical Details

CVE-2025-14761: AWS SDK for PHP's S3 Encryption Client has a Key Commitment Issue

Summary

Impact

Background - Key Commitment

Patches

Workarounds

References

Basic Information

Basic Information

5.3

5.3

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI