CVE-2025-51591

Published Jul 11, 2025

Last updated 2 days ago

CVSS medium 6.5
JGM Pandoc

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-51591 is a Server-Side Request Forgery (SSRF) vulnerability in JGM Pandoc version 3.6.4. It stems from Pandoc's rendering of `<iframe>` tags in HTML documents. An attacker can inject a crafted HTML iframe element that targets the AWS Instance Metadata Service (IMDS) endpoint or other private resources. Exploiting the vulnerability can potentially compromise the target system. For example, an `<iframe>` that points to the IMDS server (169.254.169.254) can be used to try to access sensitive information, such as the temporary, short-lived credentials associated with an IAM role, which lets the attacker harvest those credentials without needing direct host access.

Description
A Server-Side Request Forgery (SSRF) in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting a crafted iframe.
Source: cve@mitre.org
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 6.5
Impact score: 4.2
Exploitability score: 2.2
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
Severity: MEDIUM

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-918

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

50

  1. #cybersecurity Hackers Exploit Pandoc CVE-2025-51591 to Target #AWS IMDS and Steal EC2 IAM Credentials https://t.co/BhZ4ZwZ5fh

    @jos1727

    25 Sept 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Hackers used a flaw in Pandoc (a tool that converts documents) to trick Amazon servers into giving them secret credentials. (The Hacker News, 2025) The exploit (CVE-2025-51591) uses a sneaky HTML iframe trick (Server-Side Request Forgery, SSRF) to target AWS metadata—basically

    @BGMloop

    25 Sept 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  3. The reality of the Pandoc vulnerability CVE-2025-51591, which is being used to target AWS IMDS https://t.co/bjrE60DFqe #Security #セキュリティー #ニュース

    @SecureShield_

    25 Sept 2025

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. #hackers Exploit Pandoc #CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials https://t.co/UWMVoDUejp

    @AdliceSoftware

    24 Sept 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials https://t.co/E3A2grMmNV #computerforensics

    @compu4n6

    24 Sept 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials https://t.co/kTsA73e3e9 #hackers #hacking #hacked #AWS #IAM #credentials #pandoc #cyberattack

    @ReconBee

    24 Sept 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Vulnerability Alert CVE-2025-51591 is being exploited to steal AWS IAM credentials via SSRF in Pandoc. Attackers craft malicious iframes to target IMDS endpoints on EC2 instances. Use IMDSv2, sanitize inputs, and apply sandboxing to mitigate. #CloudSecurity #AWS#CVE202551591 ht

    @CloneSystemsInc

    24 Sept 2025

    52 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  8. ⚠️ URGENT AWS Alert! Hackers are leveraging Pandoc CVE-2025-51591 to bypass IMDS and snatch EC2 IAM credentials. Check your defenses now! #CloudSecurity #CyberThreat https://t.co/FIaDfnbMB3

    @xcybersecnews

    24 Sept 2025

    60 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Today's top 5 cybersecurity news - September 24, 2025 1. Hackers are actively exploiting a Server-Side Request Forgery (SSRF) vulnerability in the Linux utility Pandoc (CVE-2025-51591, CVSS 6.5) to target AWS Instance Metadata Service (IMDS). Source: The Hacker News,

    @NewsNerdie

    24 Sept 2025

    43 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials https://t.co/iqiiOFUxJE https://t.co/xOWQ37rWHX

    @talentxfactor

    24 Sept 2025

    50 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials https://t.co/XA6Ntq9ngs https://t.co/R4ckbKcoyP

    @TonyBeeTweets

    24 Sept 2025

    61 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. 🚨 Pandoc SSRF flaw (CVE-2025-51591) exploited to steal AWS IAM credentials. • Attackers inject <iframe>s to grab metadata • IMDSv1 systems especially at risk 👉 Test your cloud resilience - get 3 private pentest bids fast at https://t.co/4ZmseOj1YI 🔗https://t.co

    @PenTestBids

    24 Sept 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. 📌 Security firm Wiz discovered that hackers are exploiting the CVE-2025-51591 vulnerability in the Pandoc tool to target the AWS metadata service and steal IAM credentials for EC2 instances. The vulnerability relates to

    @Cybercachear

    24 Sept 2025

    52 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials https://t.co/Z2c2moQ6Vm https://t.co/VikRVykhrb

    @RigneySec

    24 Sept 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. Cyberattackers are exploiting the CVE-2025-51591 vulnerability in Pandoc to attack the AWS Instance Metadata Service and steal EC2 IAM credentials. 👉 https://t.co/Mxy1wL19RV https://t.co/53G5flM25s

    @EnigmaSecurity_

    24 Sept 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. 😨 Cyberattackers are exploiting the CVE-2025-51591 vulnerability in Pandoc to target the AWS Instance Metadata Service and steal IAM credentials from EC2 instances. 😱 👉 https://t.co/Mxy1wL19RV https://t.co/0I5UXJIIqQ

    @EnigmaSecurity_

    24 Sept 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. 🚨 Researchers spotted real-world attacks exploiting a Linux flaw (CVE-2025-51591) in Pandoc to target AWS EC2 IMDS and steal IAM creds. If you’re still on IMDSv1, you’re a sitting duck. Enforce IMDSv2 & sandbox Pandoc. Details → https://t.co/PXOCtrxNVL

    @TheHackersNews

    24 Sept 2025

    69106 Impressions

    55 Retweets

    150 Likes

    50 Bookmarks

    1 Reply

    1 Quote

  18. CVE-2025-51591 A Server-Side Request Forgery (SSRF) in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting a crafted iframe. https://t.co/GEbn7m6kMz

    @CVEnew

    11 Jul 2025

    106 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes