VDB
CVE-2025-59048
CVE-2025-59048
PUBLISHED
CVSS 8.100000381469727 HIGH
OpenBao AWS Plugin Vulnerable to Cross-Account IAM Role Impersonation in AWS Auth Method
EPSS 0.04% · 13.7th percentile
Risk Scores
CVSS 3.1
8.100000381469727
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS Score
0.04%
13.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | openbao/openbao-plugins | 0 |
| openbao | aws_plugin | 0 |
| openbao | openbao-plugins | < 0.1.1 |
Timeline
- Jan 21, 1970 Security Advisory
- Oct 23, 2025 CVE Published
- Oct 23, 2025 Coalition ESS Score
- Oct 23, 2025 PoC Published
- Oct 24, 2025 EPSS Score
- Oct 30, 2025 EPSS Score
- Nov 5, 2025 EPSS Score
- Nov 10, 2025 EPSS Score
- Nov 16, 2025 EPSS Score
- Nov 22, 2025 EPSS Score
- Nov 28, 2025 EPSS Score
- Dec 1, 2025 Coalition ESS Score