2025-09-25

Attacks exploiting CVE-2025-51591, a medium-severity server-side request forgery (SSRF) flaw in the Pandoc document-conversion utility for Linux, to target the Amazon Web Services Instance Metadata Service (IMDS) and steal EC2 IAM credentials have been underway, reports The Hacker News.

Because the flaw lets an attacker embed an iframe pointing at the IMDS endpoint, threat actors could submit HTML documents containing such iframe elements so that Pandoc renders them and exposes the content of sensitive metadata paths, according to a Wiz analysis.

"If the application can reach the IMDS endpoint and is susceptible to SSRF, the attacker can harvest temporary credentials without needing any direct host access (such as RCE or path traversal)," said Wiz researchers, who noted that the intrusion was foiled by IMDSv2 enforcement.

Organizations have been advised not only to run Pandoc with the "-f html+raw_html" or "--sandbox" options but also to adopt IMDSv2 across their EC2 environments to better counter such threats.
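A defender-side pre-screen of untrusted HTML before it reaches Pandoc, as an added example that is not part of the article, Wiz's analysis or the Pandoc project: it rejects documents whose embedded elements point at the IMDS address (including bracketed IPv6 and integer or hex spellings of the IPv4 address) and builds a Pandoc command line using the --sandbox option named above. The function names, the set of screened elements and the sample document are assumptions.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# IMDS addresses: the IPv4 link-local endpoint and the IPv6 endpoint EC2 exposes.
IMDS_ADDRS = {ipaddress.ip_address("169.254.169.254"), ipaddress.ip_address("fd00:ec2::254")}
IMDS_V4_INT = int(ipaddress.IPv4Address("169.254.169.254"))
# URL-bearing elements to screen (assumption: iframe is the one the advisory names).
FETCH_ATTRS = {"iframe": "src", "img": "src", "object": "data", "embed": "src"}

def host_is_imds(url: str) -> bool:
    """True if the URL's host literal is the IMDS endpoint, including
    bracketed IPv6 and integer or hex spellings of the IPv4 address."""
    host = urlsplit(url.strip()).hostname  # lower-cased, brackets stripped
    if not host:
        return False  # relative URL or no host part
    try:
        return ipaddress.ip_address(host) in IMDS_ADDRS
    except ValueError:
        pass
    try:  # e.g. http://2852039166/ or http://0xa9fea9fe/
        return int(host, 0) == IMDS_V4_INT
    except ValueError:
        return False

class _RefCollector(HTMLParser):
    """Collects (tag, url) pairs from the screened elements."""
    def __init__(self) -> None:
        super().__init__()
        self.refs: list[tuple[str, str]] = []
    def handle_starttag(self, tag, attrs):
        want = FETCH_ATTRS.get(tag.lower())
        for name, value in attrs:
            if want and name.lower() == want and value:
                self.refs.append((tag.lower(), value))

def find_imds_references(html: str) -> list[tuple[str, str]]:
    """Return every screened element whose URL targets the IMDS."""
    parser = _RefCollector()
    parser.feed(html)
    return [(tag, url) for tag, url in parser.refs if host_is_imds(url)]

def pandoc_command(src: str, dst: str) -> list[str]:
    """Pandoc invocation using the --sandbox option recommended above."""
    return ["pandoc", "--sandbox", "-f", "html", "-o", dst, src]

# Constructed sample: a harmless iframe plus one aimed at an IMDS credential path.
SAMPLE = ('<p>report</p><iframe src="https://example.com/widget"></iframe>'
          '<iframe src="http://169.254.169.254/latest/meta-data/iam/security-credentials/"></iframe>')
```

Refuse the conversion whenever find_imds_references returns a non-empty list; the screen is a defence-in-depth layer, not a substitute for IMDSv2 enforcement.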

Resecurity researchers recently noted that intrusions leveraging SSRF flaws can have "severe and far-reaching" effects, including network reconnaissance and cloud credential compromise.