CVE-2025-2598 — MEDIUM (5.5)

Q: How severe is CVE-2025-2598?

CVE-2025-2598 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-2598?

Check the references section above for vendor advisories and patch information. Affected products include: Amazon Aws Cloud Development Kit.

Vulnerability Description

When the AWS Cloud Development Kit (AWS CDK) Command Line Interface (AWS CDK CLI) is used with a credential plugin which returns an expiration property with the retrieved AWS credentials, the credentials are printed to the console output. To mitigate this issue, users should upgrade to version 2.178.2 or later and ensure any forked or derivative code is patched to incorporate the new fixes.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Amazon	Aws Cloud Development Kit	>= 2.172.0, < 2.178.2

Related Weaknesses (CWE)

CWE-497

References

FAQ

What is CVE-2025-2598?

CVE-2025-2598 is a vulnerability with a CVSS score of 5.5 (MEDIUM). When the AWS Cloud Development Kit (AWS CDK) Command Line Interface (AWS CDK CLI) is used with a credential plugin which returns an expiration property with the retrieved AWS credentials, the credenti...

How severe is CVE-2025-2598?

CVE-2025-2598 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-2598?

Check the references section above for vendor advisories and patch information. Affected products include: Amazon Aws Cloud Development Kit.