VDB

CVE-2025-59048

CVE-2025-59048 PUBLISHED CVSS 8.100000381469727 HIGH

OpenBao AWS Plugin Vulnerable to Cross-Account IAM Role Impersonation in AWS Auth Method

EPSS 0.04% · 13.7th percentile

Risk Scores

CVSS 3.1
8.100000381469727
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS Score
0.04%
13.7th percentile

Affected Products

VendorProductVersions
github.comopenbao/openbao-plugins0
openbaoaws_plugin0
openbaoopenbao-plugins< 0.1.1

Timeline

  • Jan 21, 1970 Security Advisory
  • Oct 23, 2025 CVE Published
  • Oct 23, 2025 Coalition ESS Score
  • Oct 23, 2025 PoC Published
  • Oct 24, 2025 EPSS Score
  • Oct 30, 2025 EPSS Score
  • Nov 5, 2025 EPSS Score
  • Nov 10, 2025 EPSS Score
  • Nov 16, 2025 EPSS Score
  • Nov 22, 2025 EPSS Score
  • Nov 28, 2025 EPSS Score
  • Dec 1, 2025 Coalition ESS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›