
Pandoc SSRF Vulnerability Exploited to Target AWS IMDS

📰 1 unique source, 1 article

Summary


A Server-Side Request Forgery (SSRF) vulnerability in Pandoc (CVE-2025-51591) has been targeted in exploitation attempts aimed at the AWS Instance Metadata Service (IMDS) to steal EC2 IAM credentials. Pandoc is a widely used, cross-platform document converter; when it converts an attacker-supplied HTML document, its HTML reader fetches the src URL of any <iframe> it encounters, so an iframe pointing at the metadata endpoint (169.254.169.254) turns the converter into a proxy for requests to IMDS. The observed attempts failed because the targeted instances enforced IMDSv2, which requires a caller to first obtain a session token with a PUT request and present it in a header on every subsequent request; the fetch triggered by an iframe is a plain GET with no such header and is refused. Exploitation attempts were observed dating back to August 2025. IMDS provides instance metadata and the temporary IAM credentials of the instance's role, so an SSRF in a web application running on an EC2 instance that still allows IMDSv1 can be used to read those credentials and gain unauthorized access to AWS services. Running pandoc with --sandbox, which restricts its readers to the files named on the command line, also prevents the iframe fetch.

Timeline

  1. 24.09.2025 10:15 · 1 article

    Pandoc SSRF Vulnerability Exploited to Target AWS IMDS

    A Server-Side Request Forgery (SSRF) vulnerability in Pandoc (CVE-2025-51591) has been targeted in exploitation attempts aimed at the AWS Instance Metadata Service (IMDS) to steal EC2 IAM credentials. The flaw lets an attacker plant a crafted HTML iframe whose src points at the metadata endpoint, which Pandoc fetches while converting the document. The observed attempts were unsuccessful because IMDSv2 was enforced on the targeted instances; IMDSv2 requires a session token obtained via a PUT request, which an iframe-triggered GET cannot supply. Exploitation attempts were observed dating back to August 2025. IMDS provides instance metadata and temporary IAM credentials, which an SSRF can expose when IMDSv1 is still allowed. SSRF attacks bypass perimeter firewalls and reach internal assets, leading to cloud credential theft and unauthorized access.

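The attack path described in the summary and timeline above, modelled as an added example (not code from the CyberHappenings page or from the Pandoc project): a scanner that flags iframes whose src points at the metadata endpoint before a document reaches the converter, and an in-process simulation of IMDSv1 versus IMDSv2 showing why the iframe-triggered GET succeeds against the former and is refused by the latter. The sample HTML, the simulated metadata server and the role name it returns are constructed for the example; the header names and the 169.254.169.254 / fd00:ec2::254 endpoints are the real ones AWS documents.

```python
"""
Added example, not part of the original article or of Pandoc.
Models CVE-2025-51591 against IMDS:
  1. attacker-supplied HTML carries an <iframe> whose src is the EC2 metadata endpoint;
  2. the server-side converter fetches that URL with a plain GET while rendering;
  3. IMDSv1 answers such a GET, IMDSv2 demands a session token obtained by PUT first.
The metadata service is simulated in-process so the script runs offline.
"""
import ipaddress
import secrets
from html.parser import HTMLParser
from urllib.parse import urlsplit

IMDS_V4 = ipaddress.ip_address("169.254.169.254")   # documented IPv4 IMDS endpoint
IMDS_V6 = ipaddress.ip_address("fd00:ec2::254")      # documented IPv6 IMDS endpoint
TOKEN_HDR = "x-aws-ec2-metadata-token"               # IMDSv2 session-token header
TTL_HDR = "x-aws-ec2-metadata-token-ttl-seconds"     # required on the PUT that mints a token


class _IframeCollector(HTMLParser):
    """Collect src attributes of <iframe> tags, the URLs a converter would fetch."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            for name, value in attrs:
                if name.lower() == "src" and value:
                    self.srcs.append(value.strip())


def metadata_iframes(html: str) -> list:
    """Return iframe src URLs whose host is the IMDS endpoint or any link-local address.
    The host is parsed as an IP literal; a deployment that accepts hostnames should
    resolve them and apply the same check to the resolved address."""
    parser = _IframeCollector()
    parser.feed(html)
    hits = []
    for src in parser.srcs:
        host = urlsplit(src).hostname  # strips [] around IPv6 literals
        if host is None:
            continue
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            continue
        if ip in (IMDS_V4, IMDS_V6) or ip.is_link_local:
            hits.append(src)
    return hits


class SimulatedIMDS:
    """Minimal model of the metadata service (constructed for this example).
    v1 answers any GET; v2 answers only GETs carrying a token minted via PUT."""

    CREDS_PATH = "/latest/meta-data/iam/security-credentials/"

    def __init__(self, version: int):
        self.version = version
        self.tokens = set()

    def handle(self, method: str, path: str, headers: dict) -> tuple:
        hdrs = {k.lower(): v for k, v in headers.items()}
        if method == "PUT" and path == "/latest/api/token":
            if TTL_HDR not in hdrs:
                return 400, "missing TTL header"
            token = secrets.token_urlsafe(32)
            self.tokens.add(token)
            return 200, token
        if method != "GET":
            return 405, ""
        if self.version == 2 and hdrs.get(TOKEN_HDR) not in self.tokens:
            return 401, "Unauthorized"
        if path == self.CREDS_PATH:
            return 200, "example-role-name"  # constructed; real IMDS lists the role name here
        return 404, ""


def converter_fetch(imds: SimulatedIMDS, url: str) -> tuple:
    """What the SSRF looks like from the converter's side: a plain GET, no custom headers.
    The attacker controls only the URL inside the iframe."""
    return imds.handle("GET", urlsplit(url).path, {})


def imdsv2_client_fetch(imds: SimulatedIMDS, path: str) -> tuple:
    """The legitimate two-step IMDSv2 flow an instance's own SDK performs."""
    status, token = imds.handle("PUT", "/latest/api/token", {TTL_HDR: "21600"})
    if status != 200:
        return status, token
    return imds.handle("GET", path, {TOKEN_HDR: token})


# Constructed sample document: one benign iframe, one aimed at the metadata endpoint.
SAMPLE_HTML = """<html><body><h1>Quarterly report</h1>
<iframe src="http://169.254.169.254/latest/meta-data/iam/security-credentials/"></iframe>
<iframe src="https://example.com/embed"></iframe>
</body></html>"""


def demo() -> dict:
    hits = metadata_iframes(SAMPLE_HTML)
    v1, v2 = SimulatedIMDS(1), SimulatedIMDS(2)
    return {
        "flagged": hits,
        "v1_ssrf": converter_fetch(v1, hits[0]),                       # credentials path served
        "v2_ssrf": converter_fetch(v2, hits[0]),                       # refused: no token
        "v2_legit": imdsv2_client_fetch(v2, SimulatedIMDS.CREDS_PATH)[0],  # token flow works
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The scanner is a pre-conversion check for services that accept user-supplied HTML; it complements, rather than replaces, enforcing IMDSv2 on the instance and invoking pandoc with --sandbox, since an attacker may also point the iframe at other internal addresses that the IP check does not cover.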
