CVE-2025-14503
Overly Permissive Trust Policy in Harmonix on AWS EKS
CVSS Score
7.2
EPSS Score
0.0%
EPSS Percentile
0th
An overly-permissive IAM trust policy in the Harmonix on AWS framework may allow IAM principals in the same AWS account to escalate privileges via role assumption. The sample code for the EKS environment provisioning role is configured to trust the account root principal, which may enable any IAM principal in the same AWS account with sts:AssumeRole permissions to assume the role with administrative privileges. We recommend customers upgrade to Harmonix on AWS v0.4.2 or later if you have deployed the framework using versions v0.3.0 through v0.4.1.
| CWE | CWE-266 |
| Vendor | aws |
| Product | harmonix on aws |
| Published | Dec 15, 2025 |
| Last Updated | Feb 26, 2026 |
Stay Ahead of the Next One
Get instant alerts for aws harmonix on aws
Be the first to know when new high vulnerabilities affecting aws harmonix on aws are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected Versions
AWS / Harmonix on AWS
0.3.0 < 0.4.2