PT-2025-23027 · Amazon · Amazon Redshift Python Connector
Published 2025-05-27 · Updated 2025-12-02 · CVE-2025-5279
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Amazon Redshift Python Connector versions prior to 2.1.7
Description
When the Amazon Redshift Python Connector is configured with the BrowserAzureOAuth2CredentialsProvider plugin, the driver skips SSL certificate validation for its connection to the Identity Provider (IdP). An actor positioned on the network path could therefore intercept the token exchange and retrieve an access token.
Recommendations
For Amazon Redshift Python Connector versions prior to 2.1.7, upgrade to version 2.1.7 and make sure any forked or derivative code incorporates the fix. Until the upgrade is complete, consider disabling the BrowserAzureOAuth2CredentialsProvider plugin as a temporary workaround.
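As an added triage example (not code from the advisory or from the redshift_connector project), the check below flags a deployment only when both conditions above hold: a connector older than 2.1.7 and a connection configured with the BrowserAzureOAuth2CredentialsProvider plugin. It assumes the plugin is selected through the connector's `credentials_provider` connect() keyword; the sample versions and configurations are constructed.

```python
"""Triage helper for PT-2025-23027 / CVE-2025-5279.

Added example, not part of the advisory or the redshift_connector project.
Assumption: the plugin is selected via the connector's ``credentials_provider``
connect() keyword; versions and configs below are constructed samples.
"""
from __future__ import annotations
import re
from importlib.metadata import PackageNotFoundError, version as dist_version

FIXED_VERSION = (2, 1, 7)  # first release carrying the fix, per the advisory
AFFECTED_PLUGIN = "BrowserAzureOAuth2CredentialsProvider"


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '2.1.6' or 'v2.0.918' into a tuple that compares numerically.
    Only the dotted numeric prefix is compared; pre-release tags are ignored."""
    m = re.match(r"v?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_affected(installed: str, connect_kwargs: dict) -> bool:
    """Exposed only when BOTH hold: driver older than 2.1.7 and the Azure
    browser OAuth2 plugin selected, i.e. the combination in which the IdP
    certificate check was skipped."""
    uses_plugin = connect_kwargs.get("credentials_provider") == AFFECTED_PLUGIN
    return uses_plugin and parse_version(installed) < FIXED_VERSION


def installed_version(dist: str = "redshift_connector") -> str | None:
    """Version of the locally installed distribution, or None if absent."""
    try:
        return dist_version(dist)
    except PackageNotFoundError:
        return None


if __name__ == "__main__":
    # Constructed sample deployments, not taken from any real environment.
    samples = {
        "azure sso, old driver": ("2.1.6", {"credentials_provider": AFFECTED_PLUGIN}),
        "azure sso, patched":    ("2.1.7", {"credentials_provider": AFFECTED_PLUGIN}),
        "iam auth, old driver":  ("2.1.6", {"iam": True, "db_user": "analyst"}),
    }
    for name, (ver, kwargs) in samples.items():
        print(f"{name}: {'AFFECTED' if is_affected(ver, kwargs) else 'not affected'}")
    print("locally installed:", installed_version() or "not installed")
```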
Weakness Enumeration
Improper Certificate Validation
Related Identifiers
CVE-2025-5279
Affected Products
Amazon Redshift Python Connector (versions prior to 2.1.7)