PT-2025-29230 · Jgm+1 · Pandoc+1

Realestname · Published 2025-07-11 · Updated 2026-01-24 · CVE-2025-51591

CVSS v2.0: 6.1 (Medium)
Vector: AV:N/AC:H/Au:N/C:C/I:P/A:N
Name of the Vulnerable Software and Affected Versions: JGM Pandoc version 3.6.4

Description: A Server-Side Request Forgery (SSRF) issue exists in JGM Pandoc version 3.6.4. By injecting a crafted HTML iframe element into a document that Pandoc processes, an attacker can cause Pandoc to make unauthorized requests on the attacker's behalf, potentially compromising the entire infrastructure. Reports indicate active exploitation of this issue, with attackers targeting the Amazon Web Services (AWS) Instance Metadata Service (IMDS) to steal EC2 IAM credentials.

Recommendations: Update to a newer version that contains a fix for this vulnerability.
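Until the update is applied, a defender can screen untrusted HTML before it is handed to Pandoc and reject documents whose embedded resources point at link-local, loopback or private addresses (the AWS IMDS lives on a link-local address, 169.254.169.254). The following pre-check is an added example written for this advisory, not code from Pandoc or from the advisory's author; it assumes the conversion pipeline can inspect the raw HTML first, and the sample document is constructed for illustration.

```python
# Pre-conversion screen for HTML handed to a document converter such as Pandoc.
# Flags iframe/img/script/link/object/embed resources whose URL is a literal IP
# in a link-local (169.254.0.0/16, fe80::/10), loopback or private range.
from html.parser import HTMLParser
import ipaddress
from urllib.parse import urlsplit

# Elements and attributes through which a converter may be made to fetch a URL.
RESOURCE_TAGS = {"iframe", "img", "script", "link", "object", "embed"}
URL_ATTRS = {"src", "href", "data"}


class ResourceCollector(HTMLParser):
    """Collects (tag, url) pairs for every resource-bearing element."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag not in RESOURCE_TAGS:
            return
        for name, value in attrs:
            if name in URL_ATTRS and value:
                self.found.append((tag, value.strip()))


def is_risky_url(url):
    """True if the URL targets a literal IP in a non-public range.

    Hostnames are not resolved here (the check runs offline), so a DNS name
    that resolves to a link-local address is not caught by this function.
    """
    host = urlsplit(url).hostname
    if host is None:          # relative reference or no network location
        return False
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:        # a DNS name rather than an IP literal
        return False
    return ip.is_link_local or ip.is_loopback or ip.is_private


def find_risky_resources(html_text):
    """Return the (tag, url) pairs in html_text that should block conversion."""
    collector = ResourceCollector()
    collector.feed(html_text)
    return [(tag, url) for tag, url in collector.found if is_risky_url(url)]


# Constructed sample: one benign image and one iframe aimed at the link-local
# metadata address described in the advisory.
SAMPLE_HTML = (
    "<html><body><h1>Report</h1>"
    '<img src="https://example.com/logo.png">'
    '<iframe src="http://169.254.169.254/"></iframe>'
    "</body></html>"
)

if __name__ == "__main__":
    for tag, url in find_risky_resources(SAMPLE_HTML):
        print(f"blocked: <{tag}> -> {url}")
```

A document with any hit should be rejected (or have the offending elements stripped) before Pandoc runs. Because the check only examines IP literals, pair it with egress filtering on the conversion host so that DNS-based indirection to the metadata endpoint is also blocked.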

Exploit · Fix · SSRF

Weakness Enumeration

Related Identifiers

BDU:2025-13963
CVE-2025-51591

Affected Products

Debian
Pandoc