Credential Exposure in AWS CDK CLI from AWS
CVE-2025-2598

5.7 MEDIUM

Key Information:

Vendor: AWS

CVE Published: 21 March 2025

What is CVE-2025-2598?

The AWS Cloud Development Kit (AWS CDK) Command Line Interface (CLI) contains a vulnerability that causes sensitive AWS credential information to be printed to console output. The exposure occurs when the CLI obtains credentials from a credential plugin whose returned credentials include an expiration property. Users should upgrade to version 2.178.2 or later, and ensure that any custom or derivative implementations of the CLI incorporate the fix. Because the credentials were written to console output, upgrading alone does not address credentials that have already been exposed: any place that output was captured (terminal scrollback, CI/CD job logs, centralised log storage) should be reviewed, and credentials that may have been printed should be treated as compromised and rotated.
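To make the failure mode concrete, here is an added example in JavaScript; it is not code from the AWS CDK project or from AWS. It models a credential object in the shape the AWS SDK uses (accessKeyId, secretAccessKey, sessionToken, expiration; the key material is the AWS documentation example, not a real key), contrasts a debug line that serialises the whole object with one that redacts the secret fields, and includes a scanner for captured console or CI logs of the kind a team would run after using an affected CLI version. The scanner's regular expressions and the sample log lines are constructed assumptions, not patterns or output published by AWS.

```javascript
// Added example, not from the AWS CDK code base. Models the failure class behind
// CVE-2025-2598: a credential-plugin result that carries an `expiration` field gets
// logged wholesale, and the secret fields go with it. Field names follow the AWS SDK
// credentials shape; everything else here is an assumption for illustration.

// Constructed sample of what a credential plugin might return. Key material is the
// AWS documentation example (AKIAIOSFODNN7EXAMPLE / ...EXAMPLEKEY), not real credentials.
const sampleCredentials = {
  accessKeyId: 'AKIAIOSFODNN7EXAMPLE',
  secretAccessKey: 'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY',
  sessionToken: 'FwoGZXIvYXdzEBYaDEXAMPLESESSIONTOKEN',
  expiration: new Date('2025-03-21T12:00:00Z'),
};

// The unsafe pattern: serialising the whole object (JSON.stringify, util.inspect, a
// template-string debug message) prints every secret field to the console.
function unsafeDebugLine(creds) {
  return `credentials from plugin: ${JSON.stringify(creds)}`;
}

// Hardened form: keep only what an operator needs (key id prefix/suffix, expiry),
// and replace the secret fields with a marker before anything is logged.
function redactCredentials(creds) {
  const { accessKeyId, expiration } = creds;
  return {
    accessKeyId: accessKeyId ? `${accessKeyId.slice(0, 4)}...${accessKeyId.slice(-4)}` : undefined,
    secretAccessKey: creds.secretAccessKey ? '[REDACTED]' : undefined,
    sessionToken: creds.sessionToken ? '[REDACTED]' : undefined,
    expiration: expiration instanceof Date ? expiration.toISOString() : expiration,
  };
}

function safeDebugLine(creds) {
  return `credentials from plugin: ${JSON.stringify(redactCredentials(creds))}`;
}

// Post-exposure check: scan captured console output (terminal scrollback, CI/CD job
// logs) for a long-term (AKIA) or temporary (ASIA) access key id, or a printed
// secretAccessKey / sessionToken value. Heuristic patterns, assumed for this example.
const ACCESS_KEY_ID = /\b(?:AKIA|ASIA)[A-Z0-9]{16}\b/g;
const SECRET_FIELD = /"?(secretAccessKey|sessionToken)"?\s*[:=]\s*"?([^"\s,}]+)/g;

// Returns one finding per suspicious line: its 1-based line number, the access key ids
// seen, and which secret fields were printed with an unredacted value.
function scanLogForCredentials(lines) {
  const findings = [];
  lines.forEach((line, idx) => {
    const keyIds = [...line.matchAll(ACCESS_KEY_ID)].map((m) => m[0]);
    const secretFields = [...line.matchAll(SECRET_FIELD)]
      .filter((m) => m[2] !== '[REDACTED]')
      .map((m) => m[1]);
    if (keyIds.length || secretFields.length) {
      findings.push({ line: idx + 1, keyIds, secretFields });
    }
  });
  return findings;
}

// Constructed log, as a CI job might have captured it: one unsafe debug line, one safe one.
const sampleLog = [
  'Resolving credentials for account 123456789012',
  unsafeDebugLine(sampleCredentials),
  safeDebugLine(sampleCredentials),
  'Deploying stack MyStack',
];

function runDemo() {
  console.log(scanLogForCredentials(sampleLog));
}

runDemo();
```

Run with `node`. The scanner flags only the line produced by `unsafeDebugLine` (the access key id plus both secret fields); the redacted line passes, which is the point of separating what is logged from what the plugin returns.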

Affected Version(s)

AWS Cloud Development Kit Command Line Interface: versions 2.172.0 and later, before 2.178.2 (fixed in 2.178.2)

CVSS V4

Score: 5.7
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Attack Requirements: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published: 21 March 2025

  • Vulnerability reserved