Issue with Temporary elevated access management (TEAM) - CVE-2025-1969
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2025/03/04 10:30 AM PST
Description
Improper request input validation in Temporary Elevated Access Management (TEAM) for AWS IAM Identity Center allows a user to modify a valid request and spoof an approval in TEAM. We recommend customers upgrade TEAM to the latest release, version 1.2.2 .
Affected versions: <1.2.2
Resolution
A fix has been released in version 1.2.2 .
Please refer to the " Update TEAM solution " documentation for instructions on upgrading.
References
Acknowledgement
We would like to thank Redshift Cyber Security for collaborating on this issue through the coordinated vulnerability disclosure process.
Please email aws-security@amazon.com with any security questions or concerns.