Cloud security company Wiz recently uncovered a new wave of attacks targeting Amazon Web Services (AWS) using a security flaw in a Linux utility called Pandoc. The vulnerability, known as CVE-2025-51591, is a Server-Side Request Forgery (SSRF) issue with a CVSS score of 6.5. SSRF attacks are a common way for adversaries to compromise a system by tricking an application into sending requests on their behalf, a technique that is especially dangerous in cloud environments. In this case, attackers exploited a weakness in Pandoc’s rendering of HTML to inject a malicious iframe that targets the AWS Instance Metadata Service (IMDS).
The EC2 IMDS is a vital component of the AWS cloud environment. It provides essential information about running instances and, crucially, offers temporary, short-lived credentials if an identity and access management (IAM) role is associated with the instance. These credentials allow applications to securely interact with other AWS services like S3 or RDS without needing to store permanent credentials on the machine. The IMDS is accessible to any application running on an EC2 instance via a specific link-local address: 169.254.169[.]254. While this system is designed for security, it also creates an attractive target for attackers who can use SSRF flaws to access it.
Stealing credentials from the IMDS service is a common attack vector. By exploiting an SSRF flaw, an attacker can trick a web application running on an EC2 instance into requesting the IAM credentials from the IMDS service. This method allows an adversary to harvest temporary credentials without needing direct host access or other complex exploits. This isn’t just a theoretical threat. Back in 2022, security firm Mandiant found a threat actor had been using an SSRF flaw in a database management tool called Adminer to steal credentials from AWS environments since 2021. The attacks uncovered by Wiz demonstrate that adversaries are still using this same technique, even against lesser-known applications like Pandoc.
According to Wiz researchers, the attackers crafted HTML documents containing iframes with source attributes that pointed to the IMDS endpoint. The goal was to render and then exfiltrate sensitive data, specifically the IAM credentials. The attacks observed by Wiz were ultimately unsuccessful because the target had enforced IMDSv2, the more secure and session-oriented version of the protocol. Unlike the original version, IMDSv2 requires a user to first obtain a token and then use that token in all subsequent requests. This security measure effectively mitigates SSRF attacks by preventing an attacker from directly making requests.
To protect against this specific vulnerability, it’s recommended that users of Pandoc use the “-f html+raw_html” or “–sandbox” options to prevent it from including the contents of iframe elements. More broadly, security experts from both Wiz and Mandiant advise that organizations enforce IMDSv2 across all their EC2 instances. It’s also critical to ensure that instances are assigned roles that adhere to the principle of least privilege (PoLP). By limiting the permissions of these roles, you can contain the damage and reduce the “blast radius” in the event of a successful IMDS compromise.
Reference:
