
Issue with the AWS CDK CLI and custom credential plugins (CVE-2025-2598)

AWS has identified a security vulnerability, CVE-2025-2598, in the AWS CDK CLI. It affects versions 2.172.0 through 2.178.1 of the CDK CLI. The vulnerability occurs when a custom credential plugin is configured to provide temporary credentials that carry an expiration property: in that configuration the CDK CLI can inadvertently print the credentials in its console output, exposing them to anyone with access to the console where the CDK CLI was executed.

AWS has released a fix in version 2.178.2, and users should upgrade to version 2.178.2 or later.

To check for exposure, customers should examine logs for executions after December 6, 2024, and look for credential information in the console output. If credentials are found, mitigate the risk by revoking the temporary credentials, limiting console access, and rotating any long-lived credentials.

Refer to the AWS CDK CLI Library for details on custom credential plugins.
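The log check described above, as an added example that is not part of AWS's advisory or the CDK CLI's own code: a small Python scanner that walks captured CDK CLI console output, skips executions dated before the exposure window, and reports any credential components it finds in redacted form so the report itself does not become a second leak. The log line format, the plugin name and every credential value are constructed for the example (the secret key is the placeholder value AWS uses in its own documentation); the real CDK CLI output may be shaped differently, so treat the patterns as a starting point.

```python
import re
from dataclasses import dataclass
from datetime import date, datetime

# Executions on or after this date are in scope (from the advisory: "after December 6, 2024").
# The boundary day itself is included deliberately so nothing on the edge is missed.
EXPOSURE_START = date(2024, 12, 6)

# Credential components as they would appear if a credentials object were dumped to the console.
# ASIA-prefixed access key IDs are temporary credentials (what a plugin returning an
# expiration property hands out); AKIA-prefixed IDs are long-lived keys and are matched too.
ACCESS_KEY_RE = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
SECRET_KEY_RE = re.compile(r"secretAccessKey\W{1,4}([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])", re.IGNORECASE)
SESSION_TOKEN_RE = re.compile(r"sessionToken\W{1,4}([A-Za-z0-9/+=]{16,})", re.IGNORECASE)
TIMESTAMP_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})")

# Constructed sample log: the first credential dump predates the window, the second is in scope.
SAMPLE_LOG = [
    "2024-11-30T09:00:00Z cdk deploy: synthesizing DemoStack",
    "2024-11-30T09:00:01Z { accessKeyId: 'ASIAEXAMPLE000000001', secretAccessKey: "
    "'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY', sessionToken: 'FwoGZXIvYXdzEXAMPLETOKEN0001', "
    "expiration: 2024-11-30T10:00:01.000Z }",
    "2024-12-10T14:02:11Z cdk deploy: using credentials from plugin 'example-plugin'",
    "2024-12-10T14:02:12Z { accessKeyId: 'ASIAEXAMPLE000000002', secretAccessKey: "
    "'wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY', sessionToken: 'FwoGZXIvYXdzEXAMPLETOKEN0002', "
    "expiration: 2024-12-10T15:02:12.000Z }",
    "2024-12-10T14:02:13Z DemoStack: deploying...",
]


@dataclass
class Finding:
    line_no: int
    kind: str
    redacted: str  # first/last four characters only, never the full value


def redact(value: str) -> str:
    """Keep just enough of the value to correlate it with IAM/CloudTrail, hide the rest."""
    if len(value) <= 8:
        return "****"
    return value[:4] + "*" * (len(value) - 8) + value[-4:]


def scan_cdk_log(lines, since=EXPOSURE_START):
    """Return Findings for every credential component printed in the given console lines.

    Lines that start with an ISO date earlier than `since` are skipped; lines without a
    timestamp are always scanned. Pass since=None to scan everything regardless of date.
    """
    findings = []
    for line_no, line in enumerate(lines, 1):
        stamp = TIMESTAMP_RE.match(line)
        if since is not None and stamp:
            when = datetime.strptime(stamp.group(1), "%Y-%m-%d").date()
            if when < since:
                continue
        for key_id in ACCESS_KEY_RE.findall(line):
            findings.append(Finding(line_no, "access_key_id", redact(key_id)))
        for secret in SECRET_KEY_RE.findall(line):
            findings.append(Finding(line_no, "secret_access_key", redact(secret)))
        for token in SESSION_TOKEN_RE.findall(line):
            findings.append(Finding(line_no, "session_token", redact(token)))
    return findings


if __name__ == "__main__":
    # Run against the constructed sample; point it at real captured output by reading a file instead.
    for f in scan_cdk_log(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.kind} {f.redacted}")
```

Any hit on an access key ID is the trigger for the advisory's mitigation steps (revoke the temporary credentials, rotate long-lived keys, tighten console access); the redacted prefix and suffix are enough to identify which key to act on in IAM without copying the secret anywhere else.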