SSL Certificate Validation Bypass in Amazon Redshift Python Connector
CVE-2025-5279

CVSS v4 score: 7.0 (HIGH)

Key Information:

Vendor: Amazon
Status: Vendor
CVE Published: 27 May 2025

What is CVE-2025-5279?

The Amazon Redshift Python Connector (PyPI distribution `redshift_connector`) does not verify the TLS certificate of the Identity Provider when it is configured with the BrowserAzureOAuth2CredentialsProvider plugin. Because the connector accepts any certificate during the OAuth2 token exchange, an attacker who can interpose on the connection to the Identity Provider (a hostile network segment, a spoofed DNS answer, a compromised proxy) can terminate the TLS session with a certificate of their own, read or alter the token exchange, and use the intercepted tokens to gain unauthorized access to the data they grant. The advisory names only this plugin; it does not describe the connector's other credential providers as affected.

To remediate, upgrade to driver version 2.1.7 or later. The version check alone is not sufficient: the plugin code is sometimes copied into internal wrappers or forks, so any custom or derivative code built from the connector must also be updated to include the fix.

Affected Version(s)

redshift_connector 2.0.872 up to and including 2.1.6 (fixed in 2.1.7)
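Two checks a practitioner would run after reading the version range above, written here as an added example (this is not code from the connector or from Amazon): first, decide whether an installed `redshift_connector` sits inside the affected range; second, scan the source of a fork or wrapper for the patterns that disable TLS certificate or hostname verification in common Python HTTP stacks, which is the class of defect this advisory describes. The sample fork text is constructed for the demonstration, and `fetch_token` in it is a hypothetical name.

```python
"""Added example for CVE-2025-5279 (not the connector's own code).

1. is_affected(): is a redshift_connector version inside [2.0.872, 2.1.7)?
2. find_tls_bypasses(): which lines of a fork or wrapper disable TLS verification?
"""
import re
from importlib.metadata import PackageNotFoundError, version as installed_version

AFFECTED_FIRST = (2, 0, 872)      # first affected release per the advisory
FIXED_IN = (2, 1, 7)              # first fixed release per the advisory
DIST_NAME = "redshift_connector"  # PyPI distribution name of the driver


def parse_version(v: str) -> tuple:
    """Turn '2.1.7' (or '2.1.7rc1') into a tuple of ints, ignoring any suffix."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", v.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {v!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(v: str) -> bool:
    """True when version v falls inside the advisory's range [2.0.872, 2.1.7)."""
    return AFFECTED_FIRST <= parse_version(v) < FIXED_IN


def installed_status() -> str:
    """Report whether the locally installed driver needs the upgrade."""
    try:
        v = installed_version(DIST_NAME)
    except PackageNotFoundError:
        return f"{DIST_NAME} is not installed"
    verdict = "AFFECTED, upgrade to >= 2.1.7" if is_affected(v) else "outside affected range"
    return f"{DIST_NAME} {v}: {verdict}"


# Patterns that switch off certificate or hostname verification in requests,
# urllib and the ssl module.  A hit is a review candidate, not proof of a bug.
BYPASS_PATTERNS = {
    "requests verify disabled": re.compile(r"\bverify\s*=\s*False\b"),
    "ssl CERT_NONE": re.compile(r"\bCERT_NONE\b"),
    "hostname check disabled": re.compile(r"\bcheck_hostname\s*=\s*False\b"),
    "unverified context": re.compile(r"\b_create_unverified_context\b"),
    "urllib3 warnings silenced": re.compile(r"\bdisable_warnings\s*\("),
}


def find_tls_bypasses(source: str) -> list:
    """Return (line_number, label, stripped_line) for every matching source line."""
    hits = []
    for n, line in enumerate(source.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith("#"):
            continue  # comment-only lines are not executable code
        for label, pat in BYPASS_PATTERNS.items():
            if pat.search(line):
                hits.append((n, label, stripped))
    return hits


# Constructed sample of a hypothetical fork's token-exchange code; it is NOT
# the real plugin, only a stand-in carrying the bypass patterns of interest.
SAMPLE_FORK = '''
import requests, ssl
def fetch_token(idp_url, data):
    # TODO: remove before release
    resp = requests.post(idp_url, data=data, verify=False)
    return resp.json()["access_token"]
ctx = ssl.create_default_context()
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE
'''

if __name__ == "__main__":
    print(installed_status())
    for n, label, line in find_tls_bypasses(SAMPLE_FORK):
        print(f"line {n}: {label}: {line}")
```

The scanner is a triage aid for the "custom or derivative code" part of the advisory: run it over the fork, then review each hit by hand, because a disabled check inside a test fixture is harmless while the same line in the Identity Provider request path reproduces this vulnerability.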

CVSS V4

Score: 7.0
Severity: HIGH
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: Present (the attacker must be able to interpose on the connection to the Identity Provider)
Privileges Required: Undefined
User Interaction: None
Confidentiality: None
Integrity: None
Availability: None

Note on the impact fields: a CVSS v4 score of 7.0 cannot come from a vector in which vulnerable-system confidentiality, integrity and availability impacts are all None (such a vector scores 0.0), so the impact values shown here are incomplete. Take the full vector string from the CVE record rather than from this summary.

Timeline

  • Vulnerability reserved

  • Vulnerability published: 27 May 2025
