Security researchers at Wiz said they have observed in-the-wild exploitation of CVE-2025-51591, a vulnerability in the Pandoc document converter that enables Server-Side Request Forgery (SSRF), in campaigns aimed at Amazon Web Services’ EC2 Instance Metadata Service (IMDS). Wiz noted that attackers were able to craft HTML payloads containing iframes to reach IMDS from applications running on EC2 instances.
The flaw, tracked as CVE-2025-51591 with a CVSS score of 6.5, arises from Pandoc’s handling of HTML <iframe> tags. In practice, a hostile page can coerce a vulnerable application into making a request to the IMDS endpoint, potentially exposing sensitive instance data and credentials.
IMDS is a core component of AWS cloud environments, providing information about running instances and, when associated with an IAM role, temporary credentials that can be used to access other AWS services such as S3, RDS, and DynamoDB. The metadata service is reachable from within an EC2 instance at the link-local address 169.254.169.254.
Historically, SSRF exploits targeting cloud infrastructure have been linked to credential theft and internal reconnaissance. Security researchers have highlighted that attackers exploit SSRF flaws in web applications to access IMDS and extract temporary credentials, underscoring the risk of misconfigured or vulnerable software running on EC2 instances.
In related historical context, Google Cloud threat intelligence (Mandiant) notes that the activity group UNC2903 has attacked AWS environments by abusing IMDS credentials since 2021, leveraging SSRF against vulnerable services (for example CVE-2021-21311 in Adminer) to facilitate data theft. The ongoing risk of IMDS abuse is echoed in industry analyses of SSRF’s reach within cloud infrastructure.
Wiz said the attempts described in its findings were ultimately unsuccessful because IMDSv2 enforces token-based access: a caller must first obtain a session token with a PUT request and then present it in a dedicated header (X-aws-ec2-metadata-token), and the plain GET that an iframe fetch produces can do neither. The AWS security team’s guidance on IMDSv2 and defense-in-depth remains a key reference for operators.
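To make concrete why the token requirement stopped the attempts, here is an added example (not code from Wiz, AWS or the Pandoc project) that models the IMDS endpoint's token rules in a constructed mock and compares a bare GET, which is all an iframe fetch can issue, with the two-step IMDSv2 exchange. The role name, credential body and the mock itself are constructed for illustration; the header names and the 1–21600 second TTL range are AWS's documented ones.

```python
import secrets
import time
from dataclasses import dataclass, field

# Header names used by the real IMDSv2 token exchange.
TOKEN_HEADER = "X-aws-ec2-metadata-token"
TTL_HEADER = "X-aws-ec2-metadata-token-ttl-seconds"
CRED_PATH = "/latest/meta-data/iam/security-credentials/"


@dataclass
class MockIMDS:
    """Constructed stand-in for the metadata endpoint, modelling only its token rules.

    require_tokens=False corresponds to HttpTokens=optional (IMDSv1 still accepted);
    require_tokens=True corresponds to HttpTokens=required (IMDSv2 only).
    """
    require_tokens: bool
    tokens: dict = field(default_factory=dict)  # token -> expiry (epoch seconds)

    def handle(self, method, path, headers=None):
        """Return (status, body) for one request."""
        hdrs = {k.lower(): v for k, v in (headers or {}).items()}
        # Session tokens are minted only by a PUT carrying a TTL header.
        if method == "PUT" and path == "/latest/api/token":
            try:
                ttl = int(hdrs.get(TTL_HEADER.lower(), ""))
            except ValueError:
                return 400, ""
            if not 1 <= ttl <= 21600:
                return 400, ""
            token = secrets.token_urlsafe(32)
            self.tokens[token] = time.time() + ttl
            return 200, token
        if method != "GET":
            return 405, ""
        token = hdrs.get(TOKEN_HEADER.lower())
        token_ok = token in self.tokens and self.tokens[token] > time.time()
        if self.require_tokens and not token_ok:
            return 401, ""
        if path == CRED_PATH + "app-role":  # constructed role name
            return 200, '{"AccessKeyId": "ASIACONSTRUCTEDEXAMPLE", "Token": "constructed"}'
        return 404, ""


def ssrf_style_fetch(imds, path):
    """What an <iframe src=...> fetch amounts to: a bare GET, no control of method or headers."""
    return imds.handle("GET", path)


def imdsv2_fetch(imds, path):
    """The legitimate two-step exchange a workload performs on the instance itself."""
    status, token = imds.handle("PUT", "/latest/api/token", {TTL_HEADER: "21600"})
    if status != 200:
        return status, ""
    return imds.handle("GET", path, {TOKEN_HEADER: token})


if __name__ == "__main__":
    creds = CRED_PATH + "app-role"
    for label, mode in (("HttpTokens=optional", False), ("HttpTokens=required", True)):
        imds = MockIMDS(require_tokens=mode)
        print(label, "bare GET ->", ssrf_style_fetch(imds, creds)[0],
              "| token exchange ->", imdsv2_fetch(imds, creds)[0])
```

With HttpTokens=optional the bare GET returns the credential document, which is the IMDSv1 exposure; with HttpTokens=required it gets 401 while the workload's own PUT-then-GET still succeeds. The mock only reproduces the token logic, not the real endpoint's hop-limit or path tree.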
To reduce exposure, Pandoc maintainers advise disabling iframe rendering for user-supplied content, or using the -f html+raw_html option or the --sandbox flag, either of which prevents iframe contents from being fetched and included.
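The following is an added example (not the Pandoc project's code) of how an application that converts untrusted HTML can apply those mitigations in practice: it rejects any document containing an iframe before invoking pandoc, and builds the command line with both --sandbox and -f html+raw_html. The sample documents, the markdown output format and the injectable `run` callable are assumptions made for this example.

```python
import subprocess
from html.parser import HTMLParser


class IframeFinder(HTMLParser):
    """Collects the src of every <iframe> start tag in a document."""

    def __init__(self):
        super().__init__()
        self.iframe_srcs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.iframe_srcs.append(dict(attrs).get("src") or "")


def find_iframes(html_text):
    """Return the src values of all iframes; empty list if the document has none."""
    parser = IframeFinder()
    parser.feed(html_text)
    parser.close()
    return parser.iframe_srcs


def hardened_pandoc_argv(input_path, output_path, pandoc="pandoc"):
    """Argument vector applying both mitigations from the advisory.

    --sandbox blocks pandoc's own file and network access; -f html+raw_html makes the
    HTML reader keep <iframe> as raw HTML rather than fetching its src. The markdown
    output format is an assumption for this example.
    """
    return [pandoc, "--sandbox", "-f", "html+raw_html", "-t", "markdown",
            "-o", output_path, input_path]


def convert_untrusted_html(html_text, input_path, output_path, run=subprocess.run):
    """Reject documents that contain iframes, then convert with the hardened flags.

    html_text is the content already written to input_path; `run` is injectable so
    the policy can be exercised without pandoc installed.
    """
    srcs = find_iframes(html_text)
    if srcs:
        raise ValueError(f"refusing to convert: {len(srcs)} iframe(s), first src={srcs[0]!r}")
    return run(hardened_pandoc_argv(input_path, output_path),
               check=True, capture_output=True, timeout=30)


# Constructed sample: the kind of document the article describes.
UNTRUSTED_DOC = """<html><body><h1>Quarterly report</h1>
<iframe src="http://169.254.169.254/latest/meta-data/"></iframe>
</body></html>"""

CLEAN_DOC = "<html><body><h1>Quarterly report</h1><p>No embedded frames.</p></body></html>"

if __name__ == "__main__":
    print("iframes in untrusted doc:", find_iframes(UNTRUSTED_DOC))
    print("hardened argv:", " ".join(hardened_pandoc_argv("in.html", "out.md")))
```

Rejecting iframes up front is a belt-and-braces step: with -f html+raw_html the iframe survives as raw HTML in pandoc's output, so whatever renders that output downstream would otherwise have to handle it too.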
Beyond technical mitigations, AWS guidance emphasizes enforcing IMDSv2 across all EC2 instances and applying least-privilege IAM roles to limit the blast radius in the event of compromise.
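As an added example of checking that enforcement (not AWS's or Wiz's code), the functions below read the ec2:DescribeInstances response shape, flag instances whose metadata endpoint is enabled but whose HttpTokens setting is not "required", and emit the AWS CLI command that switches them to IMDSv2-only. The instance IDs and the sample response are constructed; the boto3 variant is provided for live use and is only imported when called.

```python
import shlex


def find_imdsv1_instances(describe_response):
    """Instance IDs that still accept IMDSv1, from an ec2:DescribeInstances response.

    An instance is flagged when its metadata endpoint is enabled and HttpTokens is
    anything other than 'required'. Missing MetadataOptions are treated as
    'optional', the default for instances that were never hardened.
    """
    findings = []
    for reservation in describe_response.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            opts = inst.get("MetadataOptions", {})
            if opts.get("HttpEndpoint", "enabled") == "disabled":
                continue  # IMDS unreachable on this instance: nothing for SSRF to hit
            if opts.get("HttpTokens", "optional") != "required":
                findings.append(inst["InstanceId"])
    return findings


def remediation_command(instance_id, region):
    """AWS CLI command that switches one instance to IMDSv2-only."""
    return ("aws ec2 modify-instance-metadata-options --region {} --instance-id {} "
            "--http-tokens required --http-endpoint enabled"
            ).format(shlex.quote(region), shlex.quote(instance_id))


def audit_region(region):
    """Live variant: page through DescribeInstances with boto3 (needs AWS credentials)."""
    import boto3  # imported here so the offline functions above need no AWS SDK
    ec2 = boto3.client("ec2", region_name=region)
    flagged = []
    for page in ec2.get_paginator("describe_instances").paginate():
        flagged.extend(find_imdsv1_instances(page))
    return flagged


# Constructed sample in the DescribeInstances shape: one exposed instance, one
# already hardened, one with the endpoint switched off entirely.
SAMPLE_RESPONSE = {
    "Reservations": [
        {"Instances": [
            {"InstanceId": "i-0aaa111constructed",
             "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional"}},
            {"InstanceId": "i-0bbb222constructed",
             "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required"}},
        ]},
        {"Instances": [
            {"InstanceId": "i-0ccc333constructed",
             "MetadataOptions": {"HttpEndpoint": "disabled", "HttpTokens": "optional"}},
        ]},
    ]
}

if __name__ == "__main__":
    for iid in find_imdsv1_instances(SAMPLE_RESPONSE):
        print(remediation_command(iid, "us-east-1"))
```

Run it per region and feed the flagged IDs into change management rather than applying the commands blindly: switching HttpTokens to required breaks any workload on that instance that still calls IMDS without a token, so the least-privilege review of the attached role should happen at the same time.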