CVE-2025-59048 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-59048 PUBLISHED CVSS 8.100000381469727 HIGH

OpenBao AWS Plugin Vulnerable to Cross-Account IAM Role Impersonation in AWS Auth Method

EPSS 0.03% · 9.9th percentile

Risk Scores

CVSS v3.1

8.100000381469727

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS Score

0.03%

9.9th percentile

Affected Products

Vendor	Product	Versions
github.com	openbao/openbao-plugins	0
openbao	aws_plugin	0
openbao	openbao-plugins	< 0.1.1

Timeline

Jan 21, 1970 Security Advisory
Oct 23, 2025 CVE Published
Oct 23, 2025 Coalition ESS Score
Oct 23, 2025 PoC Published
Oct 24, 2025 EPSS Score
Oct 29, 2025 EPSS Score
Nov 3, 2025 EPSS Score
Nov 9, 2025 EPSS Score
Nov 14, 2025 EPSS Score
Nov 19, 2025 EPSS Score
Nov 24, 2025 EPSS Score
Nov 30, 2025 EPSS Score

References

Open in Interactive Console →