CVE-2025-51591

MEDIUM

Published 2025-07-11T00:00:00.000Z

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2025-51591. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1

6.5

/10

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

Base Score Metrics

Exploitability: N/A Impact: N/A

Attack Vector Metrics

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Impact Metrics

Confidentiality

HIGH

Integrity

LOW

Availability

NONE

Description

A Server-Side Request Forgery (SSRF) in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting a crafted iframe.

Available Exploits

No exploits available for this CVE.

Cloud security company Wiz has revealed that it uncovered in-the-wild exploitation of a security flaw in a Linux utility called Pandoc as part of attacks designed to infiltrate Amazon Web Services (AWS) Instance Metadata Service (IMDS). The vulnerability in q…

Internet 2025-09-24 07:15

EU Vulnerability Database

Monitored by ENISA for EU cybersecurity

EU Coordination

Not EU Coordinated

Exploitation Status

No Known Exploitation

EUVD ID

View on ENISA

ENISA Analysis

Malicious code in bioql (PyPI)

Affected Products (ENISA)

n/a

ENISA Scoring

CVSS Score (3.1)

6.5

/10

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

EPSS Score

0.040

probability

ENISA References

http://jgm.com

http://pandoc.com

https://github.com/RealestName/Vulnerability-Research/tree/main/CVE-2025-51591

https://nvd.nist.gov/vuln/detail/CVE-2025-51591

https://pandoc.org

Data provided by ENISA EU Vulnerability Database. Last updated: October 3, 2025

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed MODERATE

GHSA-mcv3-ch54-xqfh

Advisory Details

A Server-Side Request Forgery (SSRF) in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting a crafted iframe.

CVSS Scoring

CVSS Score

5.0

CVSS Vector


                                    CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2025-51591

WEB https://github.com/RealestName/Vulnerability-Research/tree/main/CVE-2025-51591

WEB https://pandoc.org

WEB http://jgm.com

WEB http://pandoc.com

Advisory provided by GitHub Security Advisory Database. Published: July 11, 2025, Modified: September 24, 2025

Social Media Intelligence

Real-time discussions and threat intelligence from social platforms

4 posts

Reddit • 1 week, 5 days ago

crstux

Exploit

🔥 Top 10 Trending CVEs (26/09/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-20333](https://nvd.nist.gov/vuln/detail/CVE-2025-20333)** - 📝 A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, …

Also mentions: CVE-2025-10184 CVE-2025-10585 CVE-2025-20352 CVE-2025-26399 CVE-2024-28988 CVE-2025-6198 CVE-2025-7937 CVE-2025-10035 CVE-2024-28986

2.0

View Original High Risk

Reddit • 1 week, 6 days ago

crstux

Exploit

🔥 Top 10 Trending CVEs (25/09/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-51591](https://nvd.nist.gov/vuln/detail/CVE-2025-51591)** - 📝 A Server-Side Request Forgery (SSRF) in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting a crafted iframe. - 📅 **Published:** …

Also mentions: CVE-2025-10585 CVE-2025-20352 CVE-2025-26399 CVE-2024-28988 CVE-2025-59689 CVE-2025-6198 CVE-2025-7937 CVE-2025-10035 CVE-2025-8061 CVE-2024-28986

1.0

View Original High Risk

Reddit • 2 weeks ago

quellaman

Exploit

Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials

1.0

View Original High Risk

Reddit • 2 weeks ago

falconupkid

Exploit

Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials Cloud security company Wiz has revealed that it uncovered in-the-wild exploitation of a security flaw in a Linux utility called Pandoc as part of attacks designed to infiltrate Amazon Web Services (AWS) Instance Metadata Service (IMDS).... **CVEs:** …

1.0

View Original High Risk

References

http://jgm.com

http://pandoc.com

https://github.com/RealestName/Vulnerability-Research/tree/main/CVE-2025-51591

Published: 2025-07-11T00:00:00.000Z

Last Modified: 2025-09-25T03:55:50.703Z

Copied to clipboard!

CVE-2025-51591

Expert Analysis

CVSS Score

Attack Vector Metrics

Impact Metrics

Description

Available Exploits

Related News

EU Vulnerability Database

EU Coordination

Exploitation Status

EUVD ID

ENISA Analysis

Affected Products (ENISA)

ENISA Scoring

CVSS Score (3.1)

EPSS Score

ENISA References

GitHub Security Advisories

Advisory Details

CVSS Scoring

CVSS Score

CVSS Vector

References

Social Media Intelligence

References

Request Analysis

What to expect

Request Received!