← Back

CVE-2025-2598

nvd nist
Published: Mar 21, 2025Modified: Oct 14, 2025

JSON object

Loading...
5.7
Vector
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: ff89ba41-3aa1-4d27-914a-91399e9639e5 (Secondary)

Description

When the AWS Cloud Development Kit (AWS CDK) Command Line Interface (AWS CDK CLI) is used with a credential plugin which returns an expiration property with the retrieved AWS credentials, the credentials are printed to the console output. To mitigate this issue, users should upgrade to version 2.178.2 or later and ensure any forked or derivative code is patched to incorporate the new fixes.

Affected (1)

Amazon
1 product
Aws Cloud Development Kit
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Aws Cloud Development Kit
From 2.172.0 to 2.178.2

Related CWEs

CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.

References (3)

Source: ff89ba41-3aa1-4d27-914a-91399e9639e5
Vendor Advisory
Source: ff89ba41-3aa1-4d27-914a-91399e9639e5
Source: ff89ba41-3aa1-4d27-914a-91399e9639e5
Vendor Advisory

Timeline

No history available yet.