<ciso brief/>
Tag Banner

All news with #pandoc tag

all tags →

Wed, September 24, 2025

Pandoc SSRF Exploited to Target AWS IMDS, Steal EC2 Keys

#AWS #SSRF #Pandoc #IAM #Secrets Exposure #Security Advisory

🔒 Wiz has observed in-the-wild exploitation attempts of CVE-2025-51591, an SSRF in Pandoc that renders iframe tags and can direct them at the AWS Instance Metadata Service (IMDS). Attackers submitted crafted HTML aiming to access 169.254.169.254 to exfiltrate temporary IAM metadata and EC2 credentials. Attempts seen from August and continuing for weeks were blocked where IMDSv2 was enforced. Administrators should mitigate by using Pandoc's -f html+raw_html or --sandbox options, enforce IMDSv2, and apply least-privilege roles.

read more →