CVE-2025-2598

MEDIUM

AWS CDK CLI - Info Disclosure

Title source: llm

Description

When the AWS Cloud Development Kit (AWS CDK) Command Line Interface (AWS CDK CLI) is used with a credential plugin which returns an expiration property with the retrieved AWS credentials, the credentials are printed to the console output. To mitigate this issue, users should upgrade to version 2.178.2 or later and ensure any forked or derivative code is patched to incorporate the new fixes.

Exploits (2)

nomisec WORKING POC
by SallyXVIII · poc
https://github.com/SallyXVIII/Final-Proj

nomisec WORKING POC
by Catnip-Express-Maxim · poc
https://github.com/Catnip-Express-Maxim/AWSTESTEXPLOIT

Scores

CVSS v3 5.5
EPSS 0.0004
EPSS Percentile 13.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE
CWE-497
Status published

Affected Products (3)

amazon/aws_cloud_development_kit < 2.178.2
npm/aws-cdk < 2.178.2 (npm)
npm/cdk < 2.178.2 (npm)

Timeline

Published Mar 21, 2025
Tracked Since Feb 18, 2026