PT-2025-12422 · Aws · Aws Cdk Cli
Iliapolo · Published 2025-03-21 · Updated 2025-12-17 · CVE-2025-2598
CVSS v4.0: 5.7 (Medium)
Vector: AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
AWS CDK CLI versions prior to 2.178.2
Description
The issue arises when the AWS CDK CLI is used with a credential plugin that returns an expiration property with the retrieved AWS credentials, causing the credentials to be printed to the console output.
Recommendations
For versions prior to 2.178.2, upgrade to version 2.178.2 or later to resolve the issue. Additionally, ensure any forked or derivative code is patched to incorporate the new fixes.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Aws Cdk Cli