
Cloud security company Wiz has disclosed in-the-wild exploitation of a security flaw in the Linux utility Pandoc as part of an attack designed to reach the Amazon Web Services (AWS) Instance Metadata Service (IMDS).
The vulnerability in question is CVE-2025-51591 (CVSS score: 6.5), a server-side request forgery (SSRF) flaw in which an attacker can make the target system issue requests on their behalf by injecting a specially crafted HTML iframe element.
EC2 IMDS is a critical component of an AWS cloud environment: it provides information about running instances and, when an Identity and Access Management (IAM) role is associated with an instance, temporary, short-lived credentials. Instance metadata can be accessed by any application running on the EC2 instance via the link-local address 169.254.169[.]254.
These credentials let applications authenticate to other AWS services such as S3, RDS, and DynamoDB without storing long-term credentials on the machine, thereby reducing the risk of accidental exposure.
One common way an attacker can steal IAM credentials from IMDS is through SSRF flaws in web applications. This essentially involves tricking an app running on an EC2 instance into sending a request to the IMDS service that asks for the IAM credentials.

“If an application is able to reach an IMDS endpoint, and is susceptible to SSRF, an attacker can collect temporary credentials without the need for direct host access (such as RCE or path traversal).”
Thus, adversaries targeting AWS infrastructure can search for SSRF vulnerabilities in web applications running on EC2 instances and, if found, query instance metadata to steal IAM credentials. This is not a theoretical threat.
In early 2022, Google-owned Mandiant reported that threat actors had, since July 2021, abused an SSRF flaw (CVE-2021-21311, CVSS score: 7.2) in Adminer, an open source database management tool, to obtain credentials from IMDS and attack AWS environments.
This issue stems from the fact that IMDS, or more specifically IMDSv1, is a simple request-and-response protocol, making it an attractive target for bad actors who find an exploitable web application running on an instance that still allows IMDSv1.
A report released last month warned that SSRF can be exploited against cloud infrastructures like AWS with “serious and widespread” consequences, leading to unauthorized access to cloud credentials, network reconnaissance, and internal services.
“SSRF originates from within the server, allowing you to reach endpoints protected by perimeter firewalls. This effectively turns vulnerable applications into proxies, with the result that the attacker [...] can reach internal assets that would otherwise be unreachable,” it said.
The latest findings from Wiz show that attacks targeting IMDS continue to take place, with adversaries leveraging SSRF vulnerabilities in lesser-known applications such as Pandoc to enable them.
“The vulnerability tracked as CVE-2025-51591 comes from Pandoc rendering iframe tags in HTML documents,” Wiz researchers said. “This allows an attacker to craft an iframe that points to an IMDS server or other private resources.”
“The attacker submitted a crafted HTML document containing iframe elements targeting the AWS IMDS endpoint with a src attribute of 169.254.169[.]254. The aim was to have them rendered and to exfiltrate sensitive paths, specifically /latest/meta-data/iam/info and other /latest/meta-data/iam/ content.”
Wiz said the attack ultimately failed because IMDSv2 was enforced. IMDSv2 is session-oriented and mitigates SSRF attacks by requiring a session token to be obtained first and then presented in every request to IMDS via a special header (X-aws-ec2-metadata-token); a plain GET injected through an SSRF cannot complete that exchange.

The company told The Hacker News it had observed in-the-wild exploitation attempts “that lasted several weeks, going back to August.”
To mitigate the risk posed by CVE-2025-51591 in a cloud environment, it is recommended to run Pandoc with the “-f html-raw_html” option (which disables pass-through of raw HTML such as iframes) or the “--sandbox” option.
“[Pandoc maintainers] decided that rendering iframes is the intended behavior and that the user is responsible for sanitizing the input or using the sandbox flag when processing user input,” Wiz said.
“Although Amazon recommends enforcing IMDSv2 and has added GuardDuty enhancements, EC2 instances created by Amazon customers may still be at risk if they use IMDSv1 instead.”
Organizations are encouraged to enforce IMDSv2 on all EC2 instances and to ensure that the IAM roles assigned to instances follow the principle of least privilege (PoLP), so as to contain the blast radius in the event of an IMDS compromise.
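The IMDSv2 enforcement recommended above can be audited from `aws ec2 describe-instances` output. The following Python script is an added example written for this article (it is not Wiz's or AWS's code): it runs against a constructed sample response, flags instances whose IMDS endpoint is enabled but still accepts token-less IMDSv1 requests (`HttpTokens` not `required`), and emits the remediation command for each; the instance IDs and region are placeholders.

```python
import json

# Constructed sample of `aws ec2 describe-instances --output json` output (placeholder IDs, not real data).
SAMPLE_DESCRIBE_INSTANCES = json.dumps({
    "Reservations": [{"Instances": [
        {"InstanceId": "i-0aaa111example", "MetadataOptions": {
            "HttpEndpoint": "enabled", "HttpTokens": "optional", "HttpPutResponseHopLimit": 1}},
        {"InstanceId": "i-0bbb222example", "MetadataOptions": {
            "HttpEndpoint": "enabled", "HttpTokens": "required", "HttpPutResponseHopLimit": 1}},
        {"InstanceId": "i-0ccc333example", "MetadataOptions": {
            "HttpEndpoint": "disabled", "HttpTokens": "optional", "HttpPutResponseHopLimit": 1}},
    ]}]
})


def find_imdsv1_instances(describe_output):
    """Return IDs of instances whose IMDS endpoint is reachable and still
    answers token-less (IMDSv1) requests, i.e. HttpTokens != "required".
    These are the instances an SSRF like CVE-2025-51591 could harvest credentials from."""
    data = json.loads(describe_output)
    exposed = []
    for reservation in data.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            opts = inst.get("MetadataOptions", {})
            if opts.get("HttpEndpoint") != "enabled":
                continue  # IMDS disabled entirely: an SSRF cannot reach it
            if opts.get("HttpTokens") != "required":
                exposed.append(inst["InstanceId"])
    return exposed


def remediation_commands(instance_ids, region="us-east-1"):
    """Build the AWS CLI calls that enforce IMDSv2 (session tokens required)
    on each flagged instance; region is a placeholder argument."""
    return [
        f"aws ec2 modify-instance-metadata-options --region {region} "
        f"--instance-id {iid} --http-tokens required --http-endpoint enabled"
        for iid in instance_ids
    ]


if __name__ == "__main__":
    flagged = find_imdsv1_instances(SAMPLE_DESCRIBE_INSTANCES)
    print("Instances still accepting IMDSv1:", flagged)
    for cmd in remediation_commands(flagged):
        print(cmd)
```

In a real account, pipe `aws ec2 describe-instances --output json` into `find_imdsv1_instances` and review the generated commands before running them.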