Key Commitment Issues in S3 Encryption Clients

AWS has published security bulletin AWS-2025-032, which requires immediate attention. The bulletin addresses vulnerabilities in the S3 Encryption Clients for several programming languages; the associated CVEs concern key commitment issues in these clients. The affected implementations are the Java, Go, .NET, C++, PHP, and Ruby S3 Encryption Clients, which applications use to encrypt and decrypt objects stored in S3.

The core issue arises when encrypted data keys (EDKs) are stored in instruction files. Storing the EDK there exposes it to attacks such as the "Invisible Salamanders" attack, in which the EDK can be manipulated and replaced, compromising the security of the data.

The bulletin lists the affected versions for each language. Users are urged to upgrade their S3 Encryption Clients to the patched releases: Java 3.5.0, Go 3.1.0, .NET 3.1, C++ 1.11.711, PHP 3.367.0, and Ruby 1.207.0, or later.
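The bulletin names key commitment as the property at issue. As an added illustration written for this page (not the S3 Encryption Client's own code, and not the fix shipped in the patched versions), the Go block below shows what a key-committing envelope looks like in general: a data key is expanded into an AES-256-GCM key plus a commitment tag, the tag travels with the ciphertext, and decryption refuses to proceed unless the key offered reproduces that tag. The HMAC labels, the envelope layout, the `Seal`/`Open` names and the sample keys are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ErrKeyCommitment is returned when the key offered for decryption is not the
// one the envelope was committed to. Failing here, before any GCM work, is what
// stops a substituted key from yielding a different, valid-looking plaintext.
var ErrKeyCommitment = errors.New("key commitment check failed: wrong data key")

const commitLen = sha256.Size // 32-byte commitment tag

// deriveSubkeys expands one 32-byte data key into an AES-256 key and a
// commitment tag using HMAC-SHA256 under two distinct labels. The labels and
// this derivation are illustrative choices, not the S3 Encryption Client's KDF.
func deriveSubkeys(dataKey []byte) (encKey, commitTag []byte) {
	prf := func(label string) []byte {
		m := hmac.New(sha256.New, dataKey)
		m.Write([]byte(label))
		return m.Sum(nil)
	}
	return prf("committing-aead/encryption-key"), prf("committing-aead/commitment")
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts plaintext with AES-256-GCM and prepends the commitment tag.
// Envelope layout (assumed for this example):
//   commitTag(32) || nonce(12) || GCM ciphertext+auth tag
func Seal(dataKey, plaintext, aad []byte) ([]byte, error) {
	if len(dataKey) != 32 {
		return nil, errors.New("data key must be 32 bytes")
	}
	encKey, commitTag := deriveSubkeys(dataKey)
	gcm, err := newGCM(encKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	env := append([]byte{}, commitTag...)
	env = append(env, nonce...)
	return gcm.Seal(env, nonce, plaintext, aad), nil
}

// Open recomputes the commitment tag from the offered key and compares it in
// constant time before touching the ciphertext. A wrong key is rejected with
// ErrKeyCommitment; GCM then still authenticates the ciphertext and AAD.
func Open(dataKey, envelope, aad []byte) ([]byte, error) {
	if len(dataKey) != 32 {
		return nil, errors.New("data key must be 32 bytes")
	}
	encKey, commitTag := deriveSubkeys(dataKey)
	if len(envelope) < commitLen {
		return nil, errors.New("envelope too short")
	}
	if !hmac.Equal(envelope[:commitLen], commitTag) {
		return nil, ErrKeyCommitment
	}
	gcm, err := newGCM(encKey)
	if err != nil {
		return nil, err
	}
	rest := envelope[commitLen:]
	if len(rest) < gcm.NonceSize() {
		return nil, errors.New("envelope too short")
	}
	nonce, ct := rest[:gcm.NonceSize()], rest[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, aad)
}

func main() {
	// Constructed sample keys; a real client obtains the data key from its keyring or KMS.
	keyA := bytes.Repeat([]byte{0x11}, 32)
	keyB := bytes.Repeat([]byte{0x22}, 32)
	aad := []byte("bucket/object-key")

	env, err := Seal(keyA, []byte("object body"), aad)
	if err != nil {
		panic(err)
	}
	pt, err := Open(keyA, env, aad)
	fmt.Printf("correct key: %q, err=%v\n", pt, err)
	_, err = Open(keyB, env, aad)
	fmt.Printf("substituted key: err=%v\n", err)
}
```

Run it with `go run`: the correct key recovers the body, while the substituted key is refused with `ErrKeyCommitment` before any decryption is attempted, which is also a clean signal to log and alert on. AES-GCM by itself does not bind a ciphertext to a single key, so a stored commitment tag (or an AEAD mode that commits to the key) is what supplies that binding.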