Pandoc Becomes an Unexpected Attack Vector in AWS Breach Attempts

Cybersecurity firm Wiz has reported active exploitation attempts targeting a Server-Side Request Forgery (SSRF) vulnerability in the Linux utility Pandoc, identified as CVE-2025-51591. The flaw is being leveraged by attackers to infiltrate Amazon Web Services (AWS) cloud environments, specifically through the EC2 Instance Metadata Service (IMDS), a core AWS component used to manage instance-specific identity credentials.

The flaw enables malicious actors to craft HTML documents containing <iframe> elements that can access internal services such as IMDS.

Though recent attacks failed due to IMDSv2 protections, this incident illustrates how even lesser-known software can become an entry point into cloud infrastructure when paired with insecure configurations like IMDSv1.

Why It Matters: This case emphasizes that even seemingly minor software tools like Pandoc can pose serious risks when running in cloud environments, especially when legacy features like IMDSv1 are enabled. It reinforces the importance of using secure configurations, upgrading vulnerable software, and adopting defense-in-depth practices in cloud security architectures.

• CVE-2025-51591 and the Pandoc SSRF Flaw: The vulnerability tracked as CVE-2025-51591 arises from Pandoc’s ability to render raw HTML content, including <iframe> elements. When a user processes an attacker-supplied document containing an <iframe> with a src attribute pointing to internal AWS addresses (e.g., 169.254.169.254), Pandoc unknowingly attempts to fetch content from those endpoints. This allows an attacker to exfiltrate metadata and IAM credentials if the EC2 instance is misconfigured to allow IMDSv1 access, exposing an otherwise protected internal resource via a seemingly harmless utility.

• The Role of AWS Instance Metadata Service (IMDS): IMDS is an AWS service that provides EC2 instances with metadata, including temporary IAM credentials used to authenticate to other AWS services. Because IMDS can be accessed from within the instance through a link-local IP address, it becomes a high-value target in SSRF scenarios. Attackers can abuse SSRF vulnerabilities in web apps or tools like Pandoc to reach IMDS and retrieve sensitive data. IMDSv2 adds a token-based security mechanism to mitigate this risk, but many customers still use IMDSv1 due to legacy compatibility or misconfiguration, leaving them exposed.

• Exploitation and Attribution Attempts: Researchers discovered exploitation attempts dating back to August 2025. While the attacks failed due to IMDSv2 protections in place, they show active reconnaissance and exploitation efforts by unknown threat actors. This pattern mirrors previous campaigns, such as those attributed to threat actor UNC2903, that used SSRF flaws in tools like Adminer to steal credentials. This indicates a persistent attacker interest in chaining software vulnerabilities with weak cloud configurations to access and manipulate cloud resources.

• Mitigation and Best Practices for Cloud Defenses: To reduce exposure, Pandoc users are strongly encouraged to use the --sandbox flag or the -f html+raw_html option when rendering HTML documents from untrusted sources. These options prevent rendering <iframe> elements, thus neutralizing the SSRF vector. Simultaneously, AWS customers should enforce IMDSv2 across all EC2 instances and apply strict IAM role permissions aligned with the principle of least privilege (PoLP). Security teams should audit all instances for outdated or vulnerable software and monitor for suspicious metadata access attempts using tools like AWS GuardDuty.

• Broader Implications for Cloud Security Posture: SSRF vulnerabilities in even niche or utility applications can be weaponized when combined with insufficiently hardened cloud configurations. Attackers rely on these gaps to gain internal access without remote code execution (RCE). Targeting metadata services through proxy vulnerabilities should prompt organizations to reassess the exposure surface of internal services and adopt layered defenses that assume exploitation attempts are already underway.

Go Deeper -> Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials – The Hacker News