Vulnerability Report: GO-2025-4250
- CVE-2025-14764, GHSA-3g75-q268-r9r6
- Affects: github.com/aws/amazon-s3-encryption-client-go, github.com/aws/amazon-s3-encryption-client-go/v3, and 1 more
- Published: Dec 22, 2025
Amazon S3 Encryption Client has a Key Commitment Issue in github.com/aws/amazon-s3-encryption-client-go
For detailed information about this vulnerability, visit https://github.com/aws/amazon-s3-encryption-client-go/security/advisories/GHSA-3g75-q268-r9r6 or https://nvd.nist.gov/vuln/detail/CVE-2025-14764.
Affected Packages
-
PathVersionsSymbols
Aliases
References
- https://github.com/aws/amazon-s3-encryption-client-go/security/advisories/GHSA-3g75-q268-r9r6
- https://nvd.nist.gov/vuln/detail/CVE-2025-14764
- https://github.com/aws/amazon-s3-encryption-client-go/commit/3e1740ec014e234e6d454291615011122e642b5d
- https://aws.amazon.com/security/security-bulletins/AWS-2025-032
- https://github.com/aws/amazon-s3-encryption-client-go/releases/tag/v4.0.0
- https://vuln.go.dev/ID/GO-2025-4250.json
Feedback
See anything missing or incorrect?
Suggest an edit to this report.