Issue with Temporary elevated access management (TEAM) - CVE-2025-1969

Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2025/03/04 10:30 AM PST

Description

Improper request input validation in Temporary Elevated Access Management (TEAM) for AWS IAM Identity Center allows a user to modify a valid request and spoof an approval in TEAM. We recommend customers upgrade TEAM to the latest release, version 1.2.2 .

Affected versions: <1.2.2

Resolution

A fix has been released in version 1.2.2 .

Please refer to the " Update TEAM solution " documentation for instructions on upgrading.

References

• GHSA-x9xv-r58p-qh86
• CVE-2025-1969

Acknowledgement

We would like to thank Redshift Cyber Security for collaborating on this issue through the coordinated vulnerability disclosure process.

Please email aws-security@amazon.com with any security questions or concerns.