SSL Certificate Validation Bypass in Amazon Redshift Python Connector
CVE-2025-5279
What is CVE-2025-5279?
The Amazon Redshift Python Connector is susceptible to an SSL certificate validation bypass when integrated with the BrowserAzureOAuth2CredentialsProvider plugin. In this configuration, the connector fails to validate the SSL certificate of the Identity Provider. This flaw can expose the token exchange process to interception, potentially allowing unauthorized access to sensitive information. To mitigate this vulnerability, users are advised to upgrade to driver version 2.1.7 and ensure that any custom or derivative code has been updated to include the necessary security patches.
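A check a defender can run against the upgrade advice above, as an added example that is not code from AWS or from the connector project: it flags exact pins of the connector that fall in the affected range given on this page (2.0.872 up to, but not including, 2.1.7) and classifies a deployment by whether the affected plugin is configured. The PyPI package name `redshift_connector`, the function names and the sample requirement lines are assumptions made for the illustration.

```python
import re
from importlib import metadata

# Range taken from the advisory: 2.0.872 up to, but not including, 2.1.7.
FIRST_AFFECTED = (2, 0, 872)
FIRST_FIXED = (2, 1, 7)
PLUGIN = "BrowserAzureOAuth2CredentialsProvider"
# Package indexes treat '-', '_' and '.' in project names as equivalent.
_PIN = re.compile(
    r"^\s*redshift[-_.]connector(?:\[[^\]]*\])?\s*==\s*([0-9]+(?:\.[0-9]+)*)", re.I)

def parse_version(text):
    """Turn '2.1.3' into (2, 1, 3); pad so that '2.1' compares as 2.1.0."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def is_affected(version):
    return FIRST_AFFECTED <= parse_version(version) < FIRST_FIXED

def audit_requirements(lines):
    """Return (line_number, version) for every exact pin in the affected range."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = _PIN.match(line.split("#", 1)[0])  # ignore trailing comments
        if match and is_affected(match.group(1)):
            findings.append((number, match.group(1)))
    return findings

def installed_version():
    """Connector version in the current environment, or None if not installed."""
    try:
        return metadata.version("redshift_connector")
    except metadata.PackageNotFoundError:
        return None

def exposure(version, credentials_provider):
    """Classify one deployment: 'exposed', 'affected-version' or 'ok'."""
    if version is None or not is_affected(version):
        return "ok"
    return "exposed" if credentials_provider == PLUGIN else "affected-version"

# Constructed sample input, not taken from any real project.
SAMPLE = ["boto3==1.34.0", "redshift_connector==2.1.3  # pinned",
          "redshift-connector==2.1.7"]

if __name__ == "__main__":
    print(audit_requirements(SAMPLE))
    print(exposure(installed_version(), PLUGIN))
```

Only exact `==` pins are evaluated; range specifiers and unpinned entries need to be resolved against the installed environment with `installed_version()`.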

Affected Version(s)
Redshift: 2.0.872 up to, but not including, 2.1.7
