cve-2025-51591

Security firm flags in-the-wild exploitation of Pandoc flaw CVE-2025-51591 to target AWS IMDS

Cloud, News, Vulnerabilities

September 24, 2025

Security researchers at Wiz have observed in-the-wild exploitation of CVE-2025-51591, a Pandoc flaw that enables SSRF against AWS EC2 IMDS, with attackers attempting to exfiltrate data via crafted iframes. The activity underscores the importance of IMDSv2 and least-privilege IAM roles to mitigate cloud credential exposure.