Overly Permissive Trust Policy in Harmonix on AWS EKS

8.6 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

An overly-permissive IAM trust policy in the Harmonix on AWS framework may allow authenticated users to escalate privileges via role assumption. The sample code for the EKS environment provisioning role is configured to trust the account root principal, which may enable any account principal with sts:AssumeRole permissions to assume the role with administrative privileges.

We recommend customers upgrade to Harmonix on AWS v0.4.2 or later if you have deployed the framework using versions v0.3.0 through v0.4.1.

AI Analysis

Overly-permissive IAM trust policy allowing authenticated users to escalate privileges via role assumption

Basic Information

ID CVE-2025-14503

Source AMZN

Published Dec 15, 2025 at 19:45

Modified Dec 15, 2025 at 20:26

Affected Product

Vendor AWS

Product Harmonix on AWS

Version 0.3.0

Affected Versions AWS Harmonix on AWS 0.3.0

CWE Classification

CWE-266

AI Assessment

AI Score 8.6 / 10

AI Severity High

Vendor AWS

Product Harmonix on AWS

Version 0.3.0, 0.4.0, 0.4.1

References

{
    "lastseen": "",
    "description": "An overly-permissive IAM trust policy in the Harmonix on AWS framework may allow authenticated users to escalate privileges via role assumption. The sample code for the EKS environment provisioning role is configured to trust the account root principal, which may enable any account principal with sts:AssumeRole permissions to assume the role with administrative privileges. \n\nWe recommend customers upgrade to Harmonix on AWS v0.4.2 or later if you have deployed the framework using versions v0.3.0 through v0.4.1.",
    "published": "2025-12-15T19:45:00.729Z",
    "modified": "2025-12-15T20:26:00.536Z",
    "type": "cve",
    "title": "Overly Permissive Trust Policy in Harmonix on AWS EKS",
    "source": "AMZN",
    "references": "https://github.com/awslabs/harmonix/pull/189\nhttps://aws.amazon.com/security/security-bulletins/AWS-2025-031/\nhttps://github.com/awslabs/harmonix/security/advisories/GHSA-qm86-gqrq-mqcw",
    "id": "CVE-2025-14503",
    "bulletinFamily": "",
    "cwe": [
        "CWE-266"
    ],
    "cvelist": null,
    "sourceData": "AWS Harmonix on AWS 0.3.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Harmonix on AWS",
    "version": "0.3.0",
    "vendor": "AWS",
    "ai_description": "Overly-permissive IAM trust policy allowing authenticated users to escalate privileges via role assumption",
    "ai_severity": "High",
    "ai_vendor": "AWS",
    "ai_product": "Harmonix on AWS",
    "ai_version": "0.3.0, 0.4.0, 0.4.1",
    "ai_score": 8.6
}

Overly Permissive Trust Policy in Harmonix on AWS EKS_CVE-2025-14503