CVE-2025-1969
MEDIUMAWS TEAM for IAM Identity Center < 1.2.2 - Request Spoofing via Input Validation Bypass
Title source: llmDescription
Improper request input validation in Temporary Elevated Access Management (TEAM) for AWS IAM Identity Center allows a user to modify a valid request and spoof an approval in TEAM. Upgrade TEAM to the latest release v.1.2.2. Follow instructions in updating TEAM documentation for updating process
References (3)
Core 3
Core References
Vendor Advisory third-party-advisory
https://github.com/aws-samples/iam-identity-center-team/security/advisories/GHSA-x9xv-r58p-qh86
Various Sources vendor-advisory
https://aws.amazon.com/security/security-bulletins/AWS-2025-004/
Release Notes patch
https://github.com/aws-samples/iam-identity-center-team/releases/tag/v1.2.2
Scores
CVSS v3
4.3
EPSS
0.0030
EPSS Percentile
21.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-807
Status
published
Products (1)
AWS/Temporary Elevated Access Management (TEAM) for AWS IAM Identity Center
< 1.2.2
Published
Mar 04, 2025
Tracked Since
Feb 18, 2026