CVE-2025-23206 | aws aws-cdk 2.148.1 IAM OIDC Custom Resource Provider Package tls.connect signature verification

CVE-2025-23206 | aws aws-cdk 2.148.1 IAM OIDC Custom Resource Provider Package tls.connect signature verification

A vulnerability was found in aws aws-cdk 2.148.1 and classified as problematic. Affected by this issue is the function tls.connect of the component IAM OIDC Custom Resource Provider Package. The manipulation leads to improper verification of cryptographic signature. This vulnerability is handled as CVE-2025-23206. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.