SSRF Flaws in Pandoc and ClickHouse Enabled IMDS Abuse Across AWS, Azure, and GCP


Instance Metadata Service (IMDS) is a fundamental component of cloud security, providing virtual machines (VMs) and applications with a secure, simple way to retrieve temporary, short-lived credentials and critical data without hardcoding secrets. However, attackers have increasingly weaponized IMDS to steal credentials, escalate privileges, and move laterally across cloud platforms. Researchers at Wiz uncovered real-world exploits abusing IMDS through zero-day vulnerabilities in Pandoc and misconfigurations in ClickHouse, highlighting how subtle anomalies in metadata requests can reveal major attacks in progress.

Severity: High

Threat Landscape

  • Target Service: IMDS in AWS, Azure, GCP.
  • Attack Vectors:
    • Server-Side Request Forgery (SSRF) – exploiting vulnerable web apps to proxy requests to IMDS
    • Code Injection / Misconfiguration – exploiting legitimate services or tools that were misconfigured or had code execution flaws to proxy queries to the IMDS
  • Objectives:
    • Harvest temporary credentials.
    • Escalate privileges to cloud control plane.
    • Enable lateral movement within cloud environments.

Key Exploit Cases

1. Pandoc SSRF (CVE-2025-51591):

  • Attackers crafted malicious HTML elements targeting the IMDS endpoint.
  • Objective: render and exfiltrate the content of /latest/meta-data/iam/info and /latest/meta-data/iam.
  • Prevented due to use of IMDSv2.
  • In IMDSv1 environments, this would have resulted in full credential compromise. In this case the exploit works because the application fails to enforce the sandbox or raw_html flags when handling untrusted HTML.

2. ClickHouse SSRF Abuse:

  • Attackers attempted to exploit ClickHouse’s SELECT * FROM url feature, where the targeted application had access to the IMDS.
  • Objective: Access IMDS endpoints to exfiltrate tokens and secrets from the metadata service.
  • Prevented: The exploited instance lacked privileged credentials, limiting the impact.
  • In a misconfigured environment with access to private resources (e.g., S3 buckets), this could have enabled large-scale data theft. The exploit works because the database was exposed with insufficient access controls on external URL queries.

Recommendations

  1. Patch Pandoc SSRF vulnerability (CVE-2025-51591) by upgrading to the fixed version.
  2. Identify instances still using IMDSv1 and enforce IMDSv2 to mitigate SSRF risks.
  3. Audit ClickHouse for misconfiguration of the SELECT * FROM url SQL method. Prevent unauthenticated users from querying arbitrary URLs.
  4. Use CSPM and Cloud Configuration Monitoring to identify and mitigate instances that might be vulnerable to IMDS or ClickHouse exploitation, such as those with overly permissive network access or unpatched applications.
  5. Monitor and alert when a process that previously did not access IMDS begins to do so.
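One way to implement recommendation 5, as an added example that is not code from the advisory or from the Wiz research: build a per-host baseline of processes that have talked to the link-local IMDS address, then flag any later IMDS request from a process outside that baseline, escalating when the path falls under the credential-bearing /latest/meta-data/iam/ prefix named above. The event line format, hostnames and process names are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

IMDS_IP = "169.254.169.254"                      # link-local metadata address on AWS, Azure and GCP
SENSITIVE_PREFIXES = ("/latest/meta-data/iam/",)  # credential-bearing paths targeted in the Pandoc case

@dataclass(frozen=True)
class Event:
    ts: int        # epoch seconds (constructed)
    host: str
    process: str   # executable that opened the outbound connection
    dst: str       # destination IP
    path: str      # requested HTTP path

def parse_event(line: str) -> Event:
    """Parse one constructed 'ts host process dst path' event line (assumed format)."""
    ts, host, process, dst, path = line.split()
    return Event(int(ts), host, process, dst, path)

def imds_baseline(events, baseline_end: int) -> dict:
    """Per host, the set of processes that reached IMDS before baseline_end."""
    seen = defaultdict(set)
    for e in events:
        if e.dst == IMDS_IP and e.ts < baseline_end:
            seen[e.host].add(e.process)
    return seen

def detect_anomalies(events, baseline_end: int) -> list:
    """Return (host, process, path, sensitive) for IMDS requests after baseline_end
    made by a process that never touched IMDS on that host during the baseline."""
    baseline = imds_baseline(events, baseline_end)
    findings = []
    for e in sorted(events, key=lambda x: x.ts):
        if e.dst != IMDS_IP or e.ts < baseline_end:
            continue
        if e.process not in baseline[e.host]:
            findings.append((e.host, e.process, e.path, e.path.startswith(SENSITIVE_PREFIXES)))
    return findings

# Constructed sample: the SSM agent is an expected IMDS client; pandoc and clickhouse-server are not.
SAMPLE_LOG = """\
1000 web-1 amazon-ssm-agent 169.254.169.254 /latest/meta-data/instance-id
1100 web-1 amazon-ssm-agent 169.254.169.254 /latest/api/token
1200 db-1 clickhouse-server 10.0.0.5 /
2000 web-1 amazon-ssm-agent 169.254.169.254 /latest/meta-data/instance-id
2100 web-1 pandoc 169.254.169.254 /latest/meta-data/iam/info
2200 db-1 clickhouse-server 169.254.169.254 /latest/meta-data/iam
"""
EVENTS = [parse_event(line) for line in SAMPLE_LOG.splitlines()]

if __name__ == "__main__":
    for host, proc, path, sensitive in detect_anomalies(EVENTS, baseline_end=2000):
        print("ALERT" if sensitive else "info", host, proc, path)
```

In production the baseline would be learned over days of endpoint or VPC flow telemetry rather than a fixed timestamp, and the same logic extends to the IMDSv2 token endpoint, which a legitimate client is expected to call first.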

Source:

  • https://www.wiz.io/blog/imds-anomaly-hunting-zero-day

Ampcus Cyber