Cyber Web Spider Blog – News

Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials

Posted on September 24, 2025 By CWS

Cloud security firm Wiz has revealed that it uncovered in-the-wild exploitation of a security flaw in a Linux utility called Pandoc as part of attacks designed to infiltrate Amazon Web Services (AWS) Instance Metadata Service (IMDS).
The vulnerability in question is CVE-2025-51591 (CVSS score: 6.5), which refers to a case of Server-Side Request Forgery (SSRF) that allows attackers to compromise a target system by injecting a specially crafted HTML iframe element.
The EC2 IMDS is a crucial component of the AWS cloud environment, offering information about running instances, as well as temporary, short-lived credentials if an identity and access management (IAM) role is associated with the instance. The instance metadata is accessible to any application running on an EC2 instance via a link-local address (169.254.169[.]254).
These credentials can then be used to securely interact with other AWS services like S3, RDS, or DynamoDB, permitting applications to authenticate without the need for storing credentials on the machine, thereby reducing the risk of accidental exposure.
One of the common methods that attackers can use to steal IAM credentials from IMDS is via SSRF flaws in web applications. This essentially involves tricking the app running on an EC2 instance to send a request seeking IAM credentials from the IMDS service on its behalf.

“If the application can reach the IMDS endpoint and is susceptible to SSRF, the attacker can harvest temporary credentials without needing any direct host access (such as RCE or path traversal),” Wiz researchers Hila Ramati and Gili Tikochinski said.
An adversary looking to target AWS infrastructure can therefore search for SSRF vulnerabilities in web applications running on EC2 instances and, when found, access the instance metadata and steal IAM credentials. This is not a theoretical threat.
As far back as early 2022, Google-owned Mandiant found that a threat actor it tracks as UNC2903 had attacked AWS environments by abusing credentials obtained using IMDS since July 2021, exploiting an SSRF flaw (CVE-2021-21311, CVSS score: 7.2) in Adminer, an open-source database management tool, to facilitate data theft.

The problem, at its core, stems from the fact that IMDS, or more specifically IMDSv1, is a request and response protocol, making it an attractive target for bad actors who target exploitable web applications that also run IMDSv1.
In a report published last month, Resecurity warned that when SSRF is exploited against cloud infrastructure like AWS, it can have “extreme and far-reaching” consequences, resulting in cloud credential theft, network reconnaissance, and unauthorized access to internal services.
“Since SSRF originates from within the server, it can reach endpoints protected by perimeter firewalls. This effectively turns the vulnerable application into a proxy, allowing the attacker to: Bypass IP whitelists [and] reach otherwise unreachable internal assets,” it said.
The latest findings from Wiz demonstrate that attacks targeting the IMDS service are continuing to take place, with adversaries leveraging SSRF vulnerabilities in little-known applications like Pandoc to enable them.
“The vulnerability, tracked as CVE-2025-51591, stems from Pandoc rendering <iframe> tags in HTML documents,” Wiz researchers said. “This could allow an attacker to craft an <iframe> that points to the IMDS server, or other private resources.”
“The attacker submitted crafted HTML documents containing <iframe> elements whose src attributes targeted the AWS IMDS endpoint at 169.254.169[.]254. The objective was to render and exfiltrate the content of sensitive paths, specifically /latest/meta-data/iam/info and /latest/meta-data/iam.”
Wiz said the attack was ultimately unsuccessful because of the enforcement of IMDSv2, which is session-oriented and mitigates the SSRF attack by first requiring a user to get a token and use that token in all requests to the IMDS via a special header (X-aws-ec2-metadata-token).

The company told The Hacker News that it observed in-the-wild exploitation attempts “dating back to August and continuing for a number of weeks,” adding it also found continued efforts on the part of unknown threat actors to abuse another SSRF flaw in ClickHouse to unsuccessfully breach a target’s Google Cloud Platform.
To mitigate the risk posed by CVE-2025-51591 in cloud environments, it is advised to use the “-f html+raw_html” option or the “--sandbox” option to prevent Pandoc from including the contents of iframe elements through the src attribute.
“[Pandoc maintainers] decided that rendering iframes is the intended behavior and that the user is responsible to either sanitize the input or use the sandbox flags when handling user inputs,” Wiz said.
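Since input sanitization is left to the operator, the following added example (not code from Wiz, Pandoc, or the original article) sketches a pre-conversion check that flags embedded elements pointing at link-local, private, or loopback addresses and builds a Pandoc command line with the sandbox enabled. The function names, the extra tags beyond iframe, and the sample document are assumptions made for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tag -> URL attribute a converter may fetch. iframe is the element named in
# CVE-2025-51591; the other tags are an assumption added for wider coverage.
FETCHING_ATTRS = {"iframe": "src", "img": "src", "embed": "src", "object": "data"}

# Constructed sample of an untrusted upload (not taken from a real incident).
SAMPLE_DOC = (
    '<h1>Report</h1>'
    '<iframe src="http://169.254.169.254/latest/meta-data/iam/info"></iframe>'
    '<iframe src="https://example.com/widget"></iframe>'
    '<img src="http://10.0.0.5/logo.png">'
)

def is_internal(url):
    """True if the URL host is localhost or a literal non-public IP address."""
    host = urlparse(url).hostname or ""
    if host == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # DNS names and unusual IP encodings are not resolved here, so this
        # check complements the sandbox and IMDSv2 rather than replacing them.
        return False
    return ip.is_link_local or ip.is_private or ip.is_loopback

class EmbedAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr = FETCHING_ATTRS.get(tag)
        url = dict(attrs).get(attr) or "" if attr else ""
        if url and is_internal(url):
            self.findings.append((tag, url))

def audit_html(doc):
    """Return (tag, url) pairs for embeds that target internal addresses."""
    parser = EmbedAudit()
    parser.feed(doc)
    parser.close()
    return parser.findings

def pandoc_argv(src, dst):
    """argv for converting untrusted HTML with Pandoc's --sandbox option."""
    return ["pandoc", "--sandbox", "-f", "html", "-o", dst, src]
```

A document with any finding can be rejected before Pandoc is invoked at all.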
“Although Amazon recommends implementing the IMDSv2 with GuardDuty enhancements, EC2 instances created by Amazon customers that instead use IMDSv1 may be at risk when combined with also running unpatched vulnerable third party software,” Mandiant researchers warned at the time.
Organizations are recommended to enforce IMDSv2 across all EC2 instances and ensure that instances are assigned roles that follow the principle of least privilege (PoLP) to contain the blast radius in the event of an IMDS compromise.
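To check that recommendation against a fleet, this added example (not part of the original article) audits output in the shape returned by `aws ec2 describe-instances` for instances that still accept IMDSv1 requests, listing those with an attached IAM role first. The sample data, instance IDs, and function names are constructed for illustration.

```python
import json

# Constructed sample shaped like `aws ec2 describe-instances` output;
# the instance IDs and account number are placeholders, not real resources.
SAMPLE = json.loads("""
{"Reservations": [{"Instances": [
  {"InstanceId": "i-0aaaaaaaaaaaaaaa4",
   "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional"}},
  {"InstanceId": "i-0aaaaaaaaaaaaaaa1",
   "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional"},
   "IamInstanceProfile": {"Arn": "arn:aws:iam::111122223333:instance-profile/web"}},
  {"InstanceId": "i-0aaaaaaaaaaaaaaa2",
   "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required"},
   "IamInstanceProfile": {"Arn": "arn:aws:iam::111122223333:instance-profile/db"}},
  {"InstanceId": "i-0aaaaaaaaaaaaaaa3",
   "MetadataOptions": {"HttpEndpoint": "disabled", "HttpTokens": "optional"}}
]}]}
""")

def imds_findings(described):
    """Return (instance_id, issue) pairs, instances with an IAM role first."""
    findings = []
    for reservation in described.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            opts = inst.get("MetadataOptions", {})
            if opts.get("HttpEndpoint") == "disabled":
                continue  # IMDS is switched off, so nothing is served from it
            if opts.get("HttpTokens") == "required":
                continue  # IMDSv2 enforced: a session token is mandatory
            has_role = "IamInstanceProfile" in inst
            issue = "IMDSv1 allowed" + (", IAM role attached" if has_role else "")
            findings.append((0 if has_role else 1, inst["InstanceId"], issue))
    return [(iid, issue) for _, iid, issue in sorted(findings)]

def remediation_argv(instance_id):
    """AWS CLI argv that makes IMDSv2 session tokens mandatory on one instance."""
    return ["aws", "ec2", "modify-instance-metadata-options",
            "--instance-id", instance_id,
            "--http-tokens", "required", "--http-endpoint", "enabled"]
```

Instances reported with a role attached are the ones where an SSRF flaw such as the Pandoc issue would expose usable credentials, so they are the first candidates for `remediation_argv`.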

The Hacker News Tags: AWS, Credentials, CVE202551591, EC2, Exploit, Hackers, IAM, IMDS, Pandoc, Steal, Target
