Cloud safety firm Wiz has revealed that it uncovered in-the-wild exploitation of a safety flaw in a Linux utility known as Pandoc as a part of assaults designed to infiltrate Amazon Internet Providers (AWS) Occasion Metadata Service (IMDS).
The vulnerability in query is CVE-2025-51591 (CVSS rating: 6.5), which refers to a case of Server-Facet Request Forgery (SSRF) that permits attackers to compromise a goal system by injecting a specifically crafted HTML iframe component.
The EC2 IMDS is an important part of the AWS cloud atmosphere, providing details about operating situations, in addition to short-term, short-lived credentials if an identification and entry administration (IAM) function is related to the occasion. The occasion metadata is accessible to any utility operating on an EC2 occasion through a link-local tackle (169.254.169[.]254).
These credentials can then be used to securely work together with different AWS companies like S3, RDS, or DynamoDB, allowing purposes to authenticate with out the necessity for storing credentials on the machine, thereby lowering the danger of unintentional publicity.
One of many widespread strategies that attackers can use to steal IAM credentials from IMDS is through SSRF flaws in net purposes. This primarily entails tricking the app operating on an EC2 occasion to ship a request in search of IAM credentials from the IMDS service on its behalf.
“If the appliance can attain the IMDS endpoint and is prone to SSRF, the attacker can harvest short-term credentials while not having any direct host entry (resembling RCE or path traversal),” Wiz researchers Hila Ramati and Gili Tikochinski mentioned.
An adversary seeking to goal AWS infrastructure can subsequently seek for SSRF vulnerabilities in net purposes operating on EC2 situations and, when discovered, entry the occasion metadata and steal IAM credentials. This isn’t a theoretical menace.
Way back to early 2022, Google-owned Mandiant discovered {that a} menace actor it tracks as UNC2903 had attacked AWS environments by abusing credentials obtained utilizing IMDS since July 2021, exploiting an SSRF flaw (CVE-2021-21311, CVSS rating: 7.2) in Adminer, an open-source database administration device, to facilitate knowledge theft.
The difficulty, at its core, stems from the truth that IMDS, or extra particularly IMDSv1, is a request and response protocol, making it a horny goal for unhealthy actors who goal exploitable net purposes that additionally run IMDSv1.
In a report printed final month, Resecurity warned that when SSRF is exploited in opposition to cloud infrastructure like AWS, it could have “extreme and far-reaching” penalties, leading to cloud credential theft, community reconnaissance, and unauthorized entry to inside companies.
“Since SSRF originates from inside the server, it could attain endpoints protected by perimeter firewalls. This successfully turns the weak utility right into a proxy, permitting the attacker to: Bypass IP whitelists [and] attain in any other case unreachable inside property,” it mentioned.
The most recent findings from Wiz display that assaults concentrating on the IMDS service are persevering with to happen, with adversaries leveraging SSRF vulnerabilities in little-known purposes like Pandoc to allow them.
“The vulnerability, tracked as CVE-2025-51591, stems from Pandoc rendering
“The attacker submitted crafted HTML paperwork containing
Wiz mentioned the assault was finally unsuccessful due to the enforcement of IMDSv2, which is session-oriented and mitigates the SSRF assault by first requiring a consumer to get a token and use that token in all requests to the IMDS through a particular header (X-aws-ec2-metadata-token).
The corporate advised The Hacker Information that it noticed in-the-wild exploitation makes an attempt “relationship again to August and persevering with for just a few weeks,” including it additionally discovered continued efforts on the a part of unknown menace actors to abuse one other SSRF flaw in ClickHouse to unsuccessfully breach a goal’s Google Cloud Platform.
To mitigate the danger posed by CVE-2025-51591 in cloud environments, it is suggested to make use of the “-f html+raw_html” possibility or the “–sandbox” possibility to forestall Pandoc from together with the contents of iframe components by way of the src attribute.
“[Pandoc maintainers] determined that rendering iframes is the meant habits and that the consumer is accountable to both sanitize the enter or use the sandbox flags when dealing with consumer inputs,” Wiz mentioned.
“Though Amazon recommends implementing the IMDSv2 with GuardDuty enhancements, EC2 situations created by Amazon clients that as an alternative use IMDSv1 could also be in danger when mixed with additionally operating unpatched weak third celebration software program,” Mandiant researchers warned on the time.
Organizations are beneficial to implement IMDSv2 throughout all EC2 situations and be certain that situations are assigned roles that observe the precept of least privilege (PoLP) to include the blast radius within the occasion of an IMDS compromise.
