High severity8.5NVD Advisory· Published Aug 13, 2025· Updated Apr 15, 2026
CVE-2025-8904
CVE-2025-8904
Description
Amazon EMR Secret Agent creates a keytab file containing Kerberos credentials. This file is stored in the /tmp/ directory. A user with access to this directory and another account can potentially decrypt the keys and escalate to higher privileges.
Users are advised to upgrade to Amazon EMR version 7.5 or higher. For Amazon EMR releases between 6.10 and 7.4, we strongly recommend that you run the bootstrap script and RPM files with the fix provided in the location below.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: 6.10–7.4 and earlier
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.