High severity8.5NVD Advisory· Published Aug 13, 2025· Updated Apr 15, 2026

CVE-2025-8904

Description

Amazon EMR Secret Agent creates a keytab file containing Kerberos credentials. This file is stored in the /tmp/ directory. A user with access to this directory and another account can potentially decrypt the keys and escalate to higher privileges.

Users are advised to upgrade to Amazon EMR version 7.5 or higher. For Amazon EMR releases between 6.10 and 7.4, we strongly recommend that you run the bootstrap script and RPM files with the fix provided in the location below.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

aws.amazon.com/security/security-bulletins/AWS-2025-017/nvd
docs.aws.amazon.com/emr/latest/ReleaseGuide/emr-750-release.htmlnvd
github.com/advisories/GHSA-hf8h-76fm-735vnvd

News mentions

No linked articles in our index yet.

cvss	0.552
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000