Summary
A vulnerability in AWS Temporary Elevated Access Management (TEAM) allows users to modify valid requests and spoof approvals due to improper input validation. This affects versions prior to 1.2.2 of TEAM for AWS IAM Identity Center. AWS has released a fix in version 1.2.2 and recommends customers upgrade to the latest release.
Affected Services
IAM Identity Center
Remediation
Upgrade TEAM to version 1.2.2 or later. Refer to the "Update TEAM solution" documentation for specific upgrade instructions.
Tracked CVEs
CVE-2025-1969
References
Contributed by https://github.com/korniko98
Entry Status
Stub (AI-Generated)
Disclosure Date
-
Exploitablity Period
Until 2025/03/04
Known ITW Exploitation
-
Detection Methods
Check the current version of TEAM in use. If it's below 1.2.2, the system may be vulnerable. Monitor for unexpected or unauthorized elevated access requests in IAM Identity Center.
Piercing Index Rating
-
Discovered by
Redshift Cyber Security
