CVE-2025-2598

When the AWS Cloud Development Kit (AWS CDK) Command Line Interface (AWS CDK CLI) is used with a credential plugin which returns an expiration property with the retrieved AWS credentials, the credentials are printed to the console output. To mitigate this issue, users should upgrade to version 2.178.2 or later and ensure any forked or derivative code is patched to incorporate the new fixes.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://aws.amazon.com/security/security-bulletins/AWS-2025-005/	Vendor Advisory
https://github.com/aws/aws-cdk/releases/tag/v2.178.2
https://github.com/aws/aws-cdk/security/advisories/GHSA-v63m-x9r9-8gqp	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:amazon:aws_cloud_development_kit:*:*:*:*:*:*:*:*

History

14 Oct 2025, 19:15

Type	Values Removed	Values Added
References		() https://github.com/aws/aws-cdk/releases/tag/v2.178.2 -

19 Sep 2025, 15:00

Type	Values Removed	Values Added
First Time		Amazon Amazon aws Cloud Development Kit
Summary		(es) Cuando se utiliza la interfaz de línea de comandos (CLI) de AWS CDK de AWS Cloud Development Kit (AWS CDK) con un complemento de credenciales que devuelve una propiedad de expiración con las credenciales de AWS recuperadas, estas se imprimen en la salida de la consola. Para mitigar este problema, los usuarios deben actualizar a la versión 2.178.2 o posterior y asegurarse de que cualquier código bifurcado o derivado esté parcheado para incorporar las nuevas correcciones.
References	~~() https://aws.amazon.com/security/security-bulletins/AWS-2025-005/ -~~	() https://aws.amazon.com/security/security-bulletins/AWS-2025-005/ - Vendor Advisory
References	~~() https://github.com/aws/aws-cdk/security/advisories/GHSA-v63m-x9r9-8gqp -~~	() https://github.com/aws/aws-cdk/security/advisories/GHSA-v63m-x9r9-8gqp - Vendor Advisory
CPE		cpe:2.3:a:amazon:aws_cloud_development_kit::::::::

21 Mar 2025, 17:15

Type	Values Removed	Values Added
References		() https://github.com/aws/aws-cdk/security/advisories/GHSA-v63m-x9r9-8gqp -

21 Mar 2025, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-21 15:15

Updated : 2025-10-14 19:15

NVD link : CVE-2025-2598

Mitre link : CVE-2025-2598

CVE.ORG link : CVE-2025-2598

JSON object : View

Products Affected

amazon

aws_cloud_development_kit

CWE

CWE-497

Exposure of Sensitive System Information to an Unauthorized Control Sphere

5.5 /10