CVE-2025-23206 | aws aws-cdk 2.148.1 IAM OIDC Custom Resource Provider Package tls.connect signature verification

Inserito da Angelo Barbosa | Gen 17, 2025 | CVE

A vulnerability was found in aws aws-cdk 2.148.1 and classified as problematic. Affected by this issue is the function tls.connect of the component IAM OIDC Custom Resource Provider Package. The manipulation leads to improper verification of cryptographic signature.

This vulnerability is handled as CVE-2025-23206. The attack may be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2025-23206 | aws aws-cdk 2.148.1 IAM OIDC Custom Resource Provider Package tls.connect signature verification

Post correlati

CVE-2024-34424 | iePlexus Featured Content Gallery Plugin up to 3.2.0 on WordPress cross site scripting

CVE-2024-32572 | BdThemes Element Pack Elementor Addons Plugin up to 5.6.0 on WordPress cross site scripting

CVE-2024-32631 | ASR Falcon/Crane prior CP01.057.067 ciCCIOTOPT out-of-bounds

CVE-2024-5178 | ServiceNow Now Platform improper authorization (KB1648312)