Privilege escalation issue in Amazon EMR Secret Agent component

9 / 10

CRITICAL

CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Description

Amazon EMR Secret Agent creates a keytab file containing Kerberos credentials. This file is stored in the /tmp/ directory. A user with access to this directory and another account can potentially decrypt the keys and escalate to higher privileges.

Users are advised to upgrade to Amazon EMR version 7.5 or higher. For Amazon EMR releases between 6.10 and 7.4, we strongly recommend that you run the bootstrap script and RPM files with the fix provided in the location below.

Basic Information

ID CVE-2025-8904

Source AMZN

Published Aug 13, 2025 at 17:06

Affected Product

Vendor Amazon

Product EMR

Version 6.10

Affected Versions Amazon EMR 6.10

CWE Classification

CWE-257

References

{
    "lastseen": "",
    "description": "Amazon EMR Secret Agent creates a keytab file containing Kerberos credentials. This file is stored in the /tmp/ directory. A user with access to this directory and another account can potentially decrypt the keys and escalate to higher privileges. \n\n\n\nUsers are advised to upgrade to Amazon EMR version 7.5 or higher. For Amazon EMR releases between 6.10 and 7.4, we strongly recommend that you run the bootstrap script and RPM files with the fix provided in the location below.",
    "published": "2025-08-13T17:06:29.293Z",
    "modified": "2025-08-13T17:06:29.293Z",
    "type": "cve",
    "title": "Privilege escalation issue in Amazon EMR Secret Agent component",
    "source": "AMZN",
    "references": "https://docs.aws.amazon.com/emr/latest/ReleaseGuide/emr-release-app-versions-7.x.html\nhttps://aws.amazon.com/security/security-bulletins/AWS-2025-017/",
    "id": "CVE-2025-8904",
    "bulletinFamily": "",
    "cwe": [
        "CWE-257"
    ],
    "cvelist": null,
    "sourceData": "Amazon EMR 6.10",
    "sourceHref": "",
    "cvss": {
        "score": 9,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "EMR",
    "version": "6.10",
    "vendor": "Amazon",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Privilege escalation issue in Amazon EMR Secret Agent component_CVE-2025-8904