VDB

CVE-2025-2598

CVE-2025-2598 PUBLISHED CVSS 5.5 MEDIUM

When the AWS Cloud Development Kit (AWS CDK) Command Line Interface (AWS CDK CLI) is used with a credential plugin which returns an expiration property with the retrieved AWS credentials, the credentials are printed to the console output. To mitigate this issue, users should upgrade to version 2.178.2 or later and ensure any forked or derivative code is patched to incorporate the new fixes.

EPSS 0.07% · 21.9th percentile

Risk Scores

CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.07%
21.9th percentile

Affected Products

VendorProductVersions
npmcdk2.172.0
amazonaws_cloud_development_kit2.172.0
npmaws-cdk2.172.0
AWSCloud Development Kit Command Line Interface2.172.0

Exploit Intelligence

…and 9 more exploits

Timeline

  • Mar 21, 2025 CVE Published
  • Mar 21, 2025 Coalition ESS Score
  • Mar 21, 2025 PoC Published
  • Mar 22, 2025 EPSS Score
  • Apr 4, 2025 EPSS Score
  • Apr 17, 2025 EPSS Score
  • May 1, 2025 EPSS Score
  • May 14, 2025 EPSS Score
  • May 27, 2025 EPSS Score
  • Jun 9, 2025 EPSS Score
  • Jun 23, 2025 EPSS Score
  • Jul 6, 2025 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›