Credential Exposure in AWS CDK CLI from AWS
CVE-2025-2598
Key Information:
- Vendor: AWS
- CVE Published: 21 March 2025
What is CVE-2025-2598?
The AWS Cloud Development Kit (AWS CDK) Command Line Interface (CLI) contains a vulnerability that causes sensitive AWS credential information to be displayed in console output. This occurs when a credential plugin that returns an expiration property is used. To protect against unauthorized access to exposed credentials, users must upgrade to version 2.178.2 or later and ensure that any custom or derivative implementations are updated to include the necessary security patches.

Affected Version(s)
Cloud Development Kit Command Line Interface: 2.172.0 up to, but not including, 2.178.2
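A triage sketch for the issue and version range above, added here as an example and not taken from AWS or the CDK project. It checks a version string against the affected range and counts lines in saved console output that contain an AWS access key ID. It assumes `cdk --version` prints `MAJOR.MINOR.PATCH (build ...)` and that leaked output includes the key ID (prefix AKIA or ASIA); the function names and sample inputs are constructed.

```shell
#!/bin/sh
# Added example: triage for CVE-2025-2598 (affected: 2.172.0 <= version < 2.178.2).

# Convert "MAJOR.MINOR.PATCH", optionally followed by " (build ...)", to one integer.
ver_num() {
    v=${1%% *}                       # drop the trailing " (build ...)" part
    old_ifs=$IFS; IFS=.
    set -- $v                        # split on dots into $1 $2 $3
    IFS=$old_ifs
    [ $# -eq 3 ] || return 1
    for part in "$1" "$2" "$3"; do   # every field must be purely numeric
        case $part in ''|*[!0-9]*) return 1 ;; esac
    done
    echo $(( $1 * 1000000 + $2 * 1000 + $3 ))
}

# Exit status: 0 = affected, 1 = not affected, 2 = version could not be parsed.
cdk_affected() {
    n=$(ver_num "$1") || return 2
    lo=$(ver_num 2.172.0)
    hi=$(ver_num 2.178.2)
    [ "$n" -ge "$lo" ] && [ "$n" -lt "$hi" ]
}

# Read console output on stdin and print how many lines contain an access key ID.
# Heuristic: AKIA (long-term) or ASIA (temporary) prefix plus 16 characters.
count_key_id_lines() {
    grep -Ec '(^|[^A-Z0-9])(AKIA|ASIA)[A-Z0-9]{16}([^A-Z0-9]|$)' || true
}

# Constructed inputs; in practice pass "$(cdk --version)" and a saved CI log.
for ver in "2.171.1 (build 0000000)" "2.175.0 (build 0000000)" "2.178.2 (build 0000000)"; do
    if cdk_affected "$ver"; then
        echo "$ver: AFFECTED, upgrade to 2.178.2 or later"
    else
        echo "$ver: not in affected range"
    fi
done

hits=$(printf '%s\n' \
    'constructed log line: deploying stack' \
    'constructed log line: accessKeyId ASIAEXAMPLEEXAMPLE00' | count_key_id_lines)
echo "log lines containing an access key ID: $hits"
```

Any line the scan flags in logs produced by an affected version means the credentials on that line should be treated as exposed and the log's access list reviewed.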
