CVE-2025-2598

MEDIUM Year: 2025
CVSS v3 Score
5.5
Medium
Weakness Type
CWE-497
View all →

Vulnerability Description

When the AWS Cloud Development Kit (AWS CDK) Command Line Interface (AWS CDK CLI) is used with a credential plugin which returns an expiration property with the retrieved AWS credentials, the credentials are printed to the console output. To mitigate this issue, users should upgrade to version 2.178.2 or later and ensure any forked or derivative code is patched to incorporate the new fixes.

Related Vulnerabilities

CVE-2021-1235

MEDIUM
CVSS:5.5(Medium)

A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read sensitive database files on an affected system. The vulnerability is due to insufficien...

CWE-4972021

CVE-2021-1544

MEDIUM
CVSS:5.5(Medium)

A vulnerability in logging mechanisms of Cisco Webex Meetings client software could allow an authenticated, local attacker to gain access to sensitive information. This vulnerability is due to unsafe ...

CWE-4972021

CVE-2021-23135

MEDIUM
CVSS:5.5(Medium)

Exposure of System Data to an Unauthorized Control Sphere vulnerability in web UI of Argo CD allows attacker to cause leaked secret data into web UI error messages and logs. This issue affects Argo CD...

CWE-4972021

CVE-2022-28651

MEDIUM
CVSS:5.5(Medium)

In JetBrains IntelliJ IDEA before 2021.3.3 it was possible to get passwords from protected fields

CWE-4972022

CVE-2022-34458

MEDIUM
CVSS:5.5(Medium)

Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in download operation ...

CWE-4972022