CVE-2025-51591

Published Jul 11, 2025

Last updated 2 months ago

CVSS low 3.7
JGM Pandoc

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-51591 is a Server-Side Request Forgery (SSRF) vulnerability found in JGM Pandoc version 3.6.4. It stems from Pandoc's rendering of `<iframe>` tags in HTML documents. An attacker can inject a crafted HTML iframe element to target the AWS Instance Metadata Service (IMDS) endpoint or other private resources. By exploiting this vulnerability, attackers can potentially compromise a target system. They can craft an `<iframe>` that points to the IMDS server (169.254.169.254) to try to access sensitive information, such as temporary, short-lived credentials associated with an IAM role. This can allow the attacker to harvest temporary credentials without needing direct host access.

Description
A Server-Side Request Forgery (SSRF) in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting a crafted iframe.
Source
cve@mitre.org
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
3.7
Impact score
1.4
Exploitability score
2.2
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Severity
LOW

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-918

Social media

Hype score
Not currently trending
  1. Wiz Research's threat hunting found two zero-day SSRF vulnerabilities: CVE-2025-51591 in Pandoc & a ClickHouse SSRF issue. Detect anomalies in IMDS access to prevent credential theft & cloud attacks. Enforce IMDSv2 & least-privilege controls for cloud security. #Cyber

    @bigmacd16684

    7 Oct 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Actively exploited CVE : CVE-2025-51591

    @transilienceai

    5 Oct 2025

    49 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  3. 🔒 Pandoc CVE-2025-51591 Exploited in the Wild 🔒 Researchers warn: a flaw in Pandoc’s HTML engine lets attackers abuse <iframe> to hit AWS IMDS & steal IAM creds. 👉 Full blog: https://t.co/H6myj85ztZ

    @vulert_official

    29 Sept 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials https://t.co/21YyLQruT6

    @akrsrs

    27 Sept 2025

    56 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  5. When hackers hit AWS like they just found the last slice of pizza 🍕💀: CVE-2025-51591 is NO CAP a vibe check!" 🔥🚀 #Don'tGetGot https://t.co/Jg352VrysZ

    @TechTrendEcho

    27 Sept 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. #cybersecurity Hackers Exploit Pandoc CVE-2025-51591 to Target #AWS IMDS and Steal EC2 IAM Credentials https://t.co/BhZ4ZwZ5fh

    @jos1727

    25 Sept 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Hackers used a flaw in Pandoc (a tool that converts documents) to trick Amazon servers into giving them secret credentials. (The Hacker News, 2025) The exploit (CVE-2025-51591) uses a sneaky HTML iframe trick (Server-Side Request Forgery, SSRF) to target AWS metadata—basically

    @BGMloop

    25 Sept 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  8. The reality of Pandoc vulnerability CVE-2025-51591, which is being used to target AWS IMDS https://t.co/bjrE60DFqe #Security #セキュリティー #ニュース

    @SecureShield_

    25 Sept 2025

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. #hackers Exploit Pandoc #CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials https://t.co/UWMVoDUejp

    @AdliceSoftware

    24 Sept 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials https://t.co/E3A2grMmNV #computerforensics

    @compu4n6

    24 Sept 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials https://t.co/kTsA73e3e9 #hackers #hacking #hacked #AWS #IAM #credentials #pandoc #cyberattack

    @ReconBee

    24 Sept 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. Vulnerability Alert CVE-2025-51591 is being exploited to steal AWS IAM credentials via SSRF in Pandoc. Attackers craft malicious iframes to target IMDS endpoints on EC2 instances. Use IMDSv2, sanitize inputs, and apply sandboxing to mitigate. #CloudSecurity #AWS#CVE202551591 ht

    @CloneSystemsInc

    24 Sept 2025

    52 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  13. ⚠️ URGENT AWS Alert! Hackers are leveraging Pandoc CVE-2025-51591 to bypass IMDS and snatch EC2 IAM credentials. Check your defenses now! #CloudSecurity #CyberThreat https://t.co/FIaDfnbMB3

    @xcybersecnews

    24 Sept 2025

    60 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. Today's top 5 cybersecurity news - September 24, 2025 1. Hackers are actively exploiting a Server-Side Request Forgery (SSRF) vulnerability in the Linux utility Pandoc (CVE-2025-51591, CVSS 6.5) to target AWS Instance Metadata Service (IMDS). Source: The Hacker News,

    @NewsNerdie

    24 Sept 2025

    43 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  15. Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials https://t.co/iqiiOFUxJE https://t.co/xOWQ37rWHX

    @talentxfactor

    24 Sept 2025

    50 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials https://t.co/XA6Ntq9ngs https://t.co/R4ckbKcoyP

    @TonyBeeTweets

    24 Sept 2025

    61 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. 🚨 Pandoc SSRF flaw (CVE-2025-51591) exploited to steal AWS IAM credentials. • Attackers inject <iframe>s to grab metadata • IMDSv1 systems especially at risk 👉 Test your cloud resilience - get 3 private pentest bids fast at https://t.co/4ZmseOj1YI 🔗https://t.co

    @PenTestBids

    24 Sept 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. 📌 Security company Wiz discovered that hackers are exploiting the CVE-2025-51591 vulnerability in the Pandoc tool to target the AWS metadata service and steal IAM credentials for EC2 instances. The vulnerability relates to

    @Cybercachear

    24 Sept 2025

    52 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials https://t.co/Z2c2moQ6Vm https://t.co/VikRVykhrb

    @RigneySec

    24 Sept 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. Cyberattackers exploit the CVE-2025-51591 vulnerability in Pandoc to attack the AWS Instance Metadata Service and steal EC2 IAM credentials. 👉 https://t.co/Mxy1wL19RV https://t.co/53G5flM25s

    @EnigmaSecurity_

    24 Sept 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. 😨 Cyberattackers are exploiting the CVE-2025-51591 vulnerability in Pandoc to target the AWS Instance Metadata Service and steal IAM credentials from EC2 instances. 😱 👉 https://t.co/Mxy1wL19RV https://t.co/0I5UXJIIqQ

    @EnigmaSecurity_

    24 Sept 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. 🚨 Researchers spotted real-world attacks exploiting a Linux flaw (CVE-2025-51591) in Pandoc to target AWS EC2 IMDS and steal IAM creds. If you’re still on IMDSv1, you’re a sitting duck. Enforce IMDSv2 & sandbox Pandoc. Details → https://t.co/PXOCtrxNVL

    @TheHackersNews

    24 Sept 2025

    69106 Impressions

    55 Retweets

    150 Likes

    50 Bookmarks

    1 Reply

    1 Quote

  23. CVE-2025-51591 A Server-Side Request Forgery (SSRF) in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting a crafted iframe. https://t.co/GEbn7m6kMz

    @CVEnew

    11 Jul 2025

    106 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes