CVE-2025-2598

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-2598
When the AWS Cloud Development Kit (AWS CDK) Command Line Interface (AWS CDK CLI) is used with a credential plugin which returns an expiration property with the retrieved AWS credentials, the credentials are printed to the console output. To mitigate this issue, users should upgrade to version 2.178.2 or later and ensure any forked or derivative code is patched to incorporate the new fixes.

5.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://aws.amazon.com/security/security-bulletins/AWS-2025-005/ Vendor Advisory
https://github.com/aws/aws-cdk/security/advisories/GHSA-v63m-x9r9-8gqp Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:amazon:aws_cloud_development_kit:*:*:*:*:*:*:*:*
History

19 Sep 2025, 15:00

Type Values Removed Values Added
References () https://aws.amazon.com/security/security-bulletins/AWS-2025-005/ - () https://aws.amazon.com/security/security-bulletins/AWS-2025-005/ - Vendor Advisory
References () https://github.com/aws/aws-cdk/security/advisories/GHSA-v63m-x9r9-8gqp - () https://github.com/aws/aws-cdk/security/advisories/GHSA-v63m-x9r9-8gqp - Vendor Advisory
First Time Amazon
Amazon aws Cloud Development Kit
CPE cpe:2.3:a:amazon:aws_cloud_development_kit:*:*:*:*:*:*:*:*
Summary
  • (es) Cuando se utiliza la interfaz de línea de comandos (CLI) de AWS CDK de AWS Cloud Development Kit (AWS CDK) con un complemento de credenciales que devuelve una propiedad de expiración con las credenciales de AWS recuperadas, estas se imprimen en la salida de la consola. Para mitigar este problema, los usuarios deben actualizar a la versión 2.178.2 o posterior y asegurarse de que cualquier código bifurcado o derivado esté parcheado para incorporar las nuevas correcciones.

21 Mar 2025, 17:15

Type Values Removed Values Added
References
  • () https://github.com/aws/aws-cdk/security/advisories/GHSA-v63m-x9r9-8gqp -

21 Mar 2025, 15:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-03-21 15:15

Updated : 2025-09-19 15:00

NVD link : CVE-2025-2598

Mitre link : CVE-2025-2598

CVE.ORG link : CVE-2025-2598

JSON object : View

Products Affected

amazon

  • aws_cloud_development_kit
CWE
CWE-497

Exposure of Sensitive System Information to an Unauthorized Control Sphere