CVE-2025-59048

Severity: High (CVSS 3.1 base score 8.1) · EPSS: 15.3%
Published Oct 23, 2025 · Last Modified Jun 17, 2026

Description

OpenBao's AWS Plugin generates AWS access credentials based on IAM policies. Prior to version 0.1.1, the AWS Plugin is vulnerable to cross-account IAM role impersonation in the AWS auth method. The vulnerability allows an IAM role from an untrusted AWS account to authenticate by impersonating a role with the same name in a trusted account, leading to unauthorized access. This impacts all users of the auth-aws plugin who operate in a multi-account AWS environment where IAM role names may not be unique across accounts. This vulnerability has been patched in version 0.1.1 of the auth-aws plugin. A workaround for this issue involves guaranteeing that IAM role names are unique across all AWS accounts that could potentially interact with your OpenBao environment, and auditing for any duplicate IAM role names.
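As an added illustration (not the plugin's code and not the content of the referenced patch), the Go snippet below shows the two defender-side checks the description implies: a role binding compared on the full (account, role name) identity rather than the role name alone, and the workaround's audit for role names that exist in more than one account. It assumes plain IAM role ARNs of the form arn:aws:iam::<account>:role/<path>/<name> as input (STS assumed-role ARNs would need mapping first); the sample inventory is constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// RoleIdentity is the pair that must match as a unit when binding to an IAM role.
type RoleIdentity struct{ Account, Name string }
// ParseRoleARN extracts account and role name from arn:aws:iam::<account>:role/<path>/<name>.
func ParseRoleARN(arn string) (RoleIdentity, bool) {
	p := strings.SplitN(arn, ":", 6) // arn:partition:service:region:account:resource
	if len(p) != 6 || p[0] != "arn" || p[2] != "iam" || p[4] == "" || !strings.HasPrefix(p[5], "role/") {
		return RoleIdentity{}, false
	}
	name := p[5][strings.LastIndex(p[5], "/")+1:] // role name is the last path segment
	return RoleIdentity{Account: p[4], Name: name}, name != ""
}

// MatchesBoundRole is the hardened check: account and name must both equal the
// bound role's, so a same-named role in an untrusted account is rejected.
func MatchesBoundRole(callerARN, boundARN string) bool {
	c, ok1 := ParseRoleARN(callerARN)
	b, ok2 := ParseRoleARN(boundARN)
	return ok1 && ok2 && c == b
}

// DuplicateRoleNames is the workaround audit: from role ARNs gathered across every account
// that can reach OpenBao, return each name defined in more than one account, with the count.
func DuplicateRoleNames(arns []string) map[string]int {
	seen := map[RoleIdentity]bool{} // distinct (account, name) pairs
	counts := map[string]int{}      // name -> number of distinct accounts
	for _, a := range arns {
		if id, ok := ParseRoleARN(a); ok && !seen[id] { // malformed ARNs are skipped
			seen[id] = true
			counts[id.Name]++
		}
	}
	for name, n := range counts {
		if n < 2 {
			delete(counts, name) // deleting during range is safe in Go
		}
	}
	return counts
}

func main() {
	// Constructed sample inventory: "Deploy" exists in two accounts, "Audit" in one.
	inv := []string{"arn:aws:iam::111111111111:role/Deploy", "arn:aws:iam::222222222222:role/app/Deploy", "arn:aws:iam::111111111111:role/Audit"}
	fmt.Println(DuplicateRoleNames(inv)) // map[Deploy:2]
}
```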

CVSS Details

Base Score: 8.1
Exploitability: 2.8
Impact: 5.2
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: None

Threat Intelligence

EPSS Exploit Probability: 15.3% percentile
Exploit & Patch Status: No Known Exploit; Patch Available

Weaknesses (2)

CWE-694 Use of Multiple Resources with Duplicate Identifier
CWE-863 Incorrect Authorization

Affected Products (1)

Vendor   Product     Version  Range
openbao  aws_plugin  *        <0.1.1

References (2)

  • https://github.com/openbao/openbao-plugins/commit/2a77af36834746ca6d3ac9bd1049154c84b3efae (Patch)
  • https://github.com/openbao/openbao-plugins/security/advisories/GHSA-jp7h-4f3c-9rc7 (Patch, Vendor Advisory)