AWS Updates Feed

AWS Updates - 2025-10-08

AWS Security Bulletins

IMDS impersonation

Bulletin ID: AWS-2025-021
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2025/10/07 01:30 PM PDT

Description:

AWS is aware of a potential Instance Metadata Service (IMDS) impersonation issue that would lead to customers interacting with unexpected AWS accounts. IMDS, when running on an EC2 instance, runs on a loopback network interface and vends Instance Metadata Credentials, which customers use to interact with AWS Services. These network calls never leave the EC2 instance, and customers can trust that the IMDS network interface is within the AWS data perimeter.

When using AWS tools (like the AWS CLI/SDK or SSM Agent) from non-EC2 compute nodes, there is a potential for a third-party-controlled IMDS to serve unexpected AWS credentials. This requires the compute node to be running on a network where the third party has a privileged network position. AWS recommends that when using AWS tools outside of the AWS data perimeter, customers follow the installation and configuration guides (AWS CLI/SDK or SSM Agent) to ensure this issue is mitigated. We also recommend that you monitor for IMDS endpoints that may be running in your on-prem environment to proactively prevent such impersonation issues from a third party.

Affected versions:

IMDSv1 and IMDSv2
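
One way to act on the two recommendations above on a non-EC2 host, as an added example that is not part of the AWS bulletin: check that the AWS CLI/SDK is configured to skip IMDS and that nothing is listening at the IMDS address. It assumes the well-known IMDS address 169.254.169.254 on port 80 and the AWS_EC2_METADATA_DISABLED environment variable read by the AWS CLI and SDKs; the function names and the on_ec2 flag are hypothetical, and SSM Agent is configured separately per its own guide.

```python
import os
import socket

IMDS_IPV4 = "169.254.169.254"  # well-known link-local IMDS address
IMDS_PORT = 80


def imds_lookup_disabled(env):
    """True when the AWS CLI/SDK credential chain is told to skip IMDS."""
    return env.get("AWS_EC2_METADATA_DISABLED", "").lower() == "true"


def listener_present(host=IMDS_IPV4, port=IMDS_PORT, timeout=1.0):
    """True when something accepts a TCP connection at the IMDS address."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable, or timed out
        return False


def assess(env, on_ec2, reachable):
    """Return findings for one host; on_ec2 is supplied by the operator."""
    if on_ec2:
        return []  # a real IMDS is expected on EC2 instances
    findings = []
    if reachable:
        findings.append("listener answering at the IMDS address on a non-EC2 host")
    if not imds_lookup_disabled(env):
        findings.append("AWS_EC2_METADATA_DISABLED is not 'true'; CLI/SDK may query IMDS")
    return findings


if __name__ == "__main__":
    # Assumption: this script is run only on hosts known not to be EC2 instances.
    for finding in assess(os.environ, on_ec2=False, reachable=listener_present()):
        print("FINDING:", finding)
```

A reachable listener on a non-EC2 host is the condition the bulletin asks you to monitor for, so treat that finding as something to investigate rather than as proof of impersonation.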