Hackers Exploit IMDS Service to Gain Initial Access to a Cloud Environment
By compelling unsuspecting applications to query IMDS endpoints, attackers harvest short-lived tokens, enabling credential theft, lateral movement, and privilege escalation within victim environments.
Wiz reports that the Instance Metadata Service operates at the heart of AWS, Azure, and GCP virtual machines, exposing critical data and IAM credentials via HTTP requests to the privileged 169.254.169[.]254 address.
While IMDSv2 strengthens security through session-oriented token retrieval, IMDSv1 remains vulnerable to Server-Side Request Forgery (SSRF).
Attackers exploit SSRF flaws or misconfigured workloads to proxy IMDS calls, stealing role-based credentials without direct host control.
By establishing a baseline of legitimate clients, such as AWS SDKs, EC2 agents, and nm-cloud-setup, researchers isolate processes that infrequently access IMDS.
Filtering for sensitive metadata paths (for example, /latest/meta-data/iam/security-credentials/ and /computeMetadata/v1/instance/service-accounts/) and prioritizing instances with internet exposure reveals stealthy reconnaissance and exfiltration attempts.
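The hunting approach described above, as an added example that is not part of the article or the Wiz research: build a baseline of processes expected to talk to IMDS, drop their requests, and score whatever remains by whether it touched a credential-bearing metadata path, came from an internet-exposed host, or was an IMDSv1-style request without a session token. The record format (key=value fields), the baseline process names and the sample log lines are all constructed for this example.

```python
"""Flag anomalous IMDS access by baselining legitimate clients.

Constructed input: one record per outbound HTTP request attributed to a
process, as a line of key=value fields.  Real telemetry (eBPF, EDR, proxy
logs) would be normalised into this shape first.
"""
from dataclasses import dataclass

IMDS_ADDR = "169.254.169.254"

# Processes that legitimately query IMDS on these hosts (constructed baseline;
# derive yours from a quiet period of real telemetry).
BASELINE_CLIENTS = {
    "aws-sdk", "amazon-ssm-agent", "ec2-instance-connect",
    "nm-cloud-setup", "cloud-init",
}

# Metadata paths whose content is credentials or role/identity data.
SENSITIVE_PREFIXES = (
    "/latest/meta-data/iam/security-credentials/",
    "/latest/meta-data/iam/info",
    "/computeMetadata/v1/instance/service-accounts/",
)

# Constructed sample records.  'token=no' means no IMDSv2 session token was sent.
SAMPLE_LOG = """\
host=web-01 proc=aws-sdk method=GET url=http://169.254.169.254/latest/meta-data/iam/security-credentials/app-role exposed=true token=yes
host=web-01 proc=pandoc method=GET url=http://169.254.169.254/latest/meta-data/iam/info exposed=true token=no
host=db-02 proc=clickhouse-server method=GET url=http://169.254.169.254/computeMetadata/v1/instance/service-accounts/default/token exposed=false token=no
host=build-03 proc=nm-cloud-setup method=GET url=http://169.254.169.254/latest/meta-data/local-ipv4 exposed=false token=yes
host=web-01 proc=nginx method=GET url=http://93.184.216.34/ exposed=true token=no
host=web-01 proc=python3 method=GET url=http://169.254.169.254/latest/meta-data/ami-id exposed=true token=no
"""


@dataclass(frozen=True)
class Finding:
    host: str
    process: str
    path: str
    severity: str
    reasons: tuple


def parse_record(line: str) -> dict:
    """Split 'k=v k=v ...' into a dict (values contain no spaces here)."""
    return dict(kv.split("=", 1) for kv in line.split())


def imds_path(url: str):
    """Return the request path if the URL targets IMDS, else None."""
    prefix = "http://" + IMDS_ADDR
    if not url.startswith(prefix):
        return None
    return url[len(prefix):] or "/"


def analyse(log_text: str, baseline=BASELINE_CLIENTS) -> list:
    """Return findings for IMDS requests from processes outside the baseline."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_record(line)
        path = imds_path(rec.get("url", ""))
        if path is None:
            continue  # not an IMDS request
        proc = rec.get("proc", "?")
        if proc in baseline:
            continue  # expected client; suppress to keep the signal clean
        reasons = ["process outside IMDS baseline"]
        if path.startswith(SENSITIVE_PREFIXES):
            reasons.append("sensitive metadata path")
        if rec.get("exposed") == "true":
            reasons.append("internet-exposed host")
        if rec.get("token") == "no":
            reasons.append("IMDSv1-style request (no session token)")
        # Credential-bearing paths outrank everything; exposure comes next.
        if "sensitive metadata path" in reasons:
            severity = "high"
        elif "internet-exposed host" in reasons:
            severity = "medium"
        else:
            severity = "low"
        findings.append(Finding(rec.get("host", "?"), proc, path, severity, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f"[{f.severity}] {f.host} {f.process} {f.path}: {'; '.join(f.reasons)}")
```

Run against the sample, the two baseline clients are suppressed, the non-IMDS request is ignored, and the three remaining requests surface with pandoc and clickhouse-server at high severity because they hit role and service-account paths. The absence of a session token is recorded as a reason rather than a filter: with IMDSv2 enforced such a request fails, but the attempt itself is the indicator worth alerting on.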
Two real-world findings underscore the potency of this tactic. In the first, a zero-day SSRF in pandoc (CVE-2025-51591) enabled malicious HTML <iframe> tags to query /latest/meta-data/iam/info, exposing instance roles.
Attackers bypassed the recommended raw_html-disabling and --sandbox options, but enforcement of IMDSv2 thwarted their payload by rejecting stateless GET requests that carried no session token. Had IMDSv1 been in use, the exploit would have yielded full credential compromise.
The second discovery involved ClickHouse's url() table function (SELECT * FROM url(...)) on an unauthenticated instance.
By directing URL queries at IMDS, attackers could retrieve metadata tokens. Although this specific incident in a GCP environment failed due to limited privileges, it highlights the cloud-agnostic danger of SSRF-driven IMDS abuse.
A misconfigured ClickHouse instance with S3 access could easily precipitate a major breach, Wiz said.
For defenders, proactive prevention and real-time detection are essential. Enforcing IMDSv2 across all compute instances, limiting network access to metadata endpoints, and applying the principle of least privilege to IAM roles dramatically reduces exposure.
Meanwhile, runtime sensors that flag unusual IMDS requests and exfiltration patterns can swiftly identify in-flight attacks.
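One way to make the first of these recommendations checkable, as an added example that is not from the article or from Wiz: audit each instance's MetadataOptions (HttpEndpoint, HttpTokens and HttpPutResponseHopLimit are the field names the EC2 DescribeInstances API returns) and emit the parameters for the corresponding ModifyInstanceMetadataOptions call. The reservation data below is constructed; in practice the same functions would be fed the real API response. The hop-limit ceiling of 1 is an assumption for hosts that do not run containers needing an extra hop.

```python
"""Audit EC2 instances for IMDSv2 enforcement and prepare remediation.

Constructed sample data shaped like ec2:DescribeInstances output.  The
audit itself is offline; applying the remediation parameters is left to
the operator (e.g. boto3's ec2.modify_instance_metadata_options(**params)).
"""

# Assumption: workloads on these hosts do not need more than one network
# hop to IMDS, so a larger hop limit only widens the blast radius of SSRF.
RECOMMENDED_MAX_HOP_LIMIT = 1

# Constructed sample: three instances with differing metadata settings.
SAMPLE_RESERVATIONS = [
    {"Instances": [
        {"InstanceId": "i-0example1",
         "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required",
                             "HttpPutResponseHopLimit": 1}},
        {"InstanceId": "i-0example2",
         "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional",
                             "HttpPutResponseHopLimit": 2}},
    ]},
    {"Instances": [
        {"InstanceId": "i-0example3",
         "MetadataOptions": {"HttpEndpoint": "disabled", "HttpTokens": "optional",
                             "HttpPutResponseHopLimit": 1}},
    ]},
]


def evaluate_instance(instance: dict) -> list:
    """Return a list of hardening gaps for one instance (empty if compliant)."""
    opts = instance.get("MetadataOptions", {})
    if opts.get("HttpEndpoint", "enabled") == "disabled":
        return []  # IMDS is off entirely; nothing for SSRF to reach
    issues = []
    # 'optional' means IMDSv1 (token-less GET) is still answered.
    if opts.get("HttpTokens") != "required":
        issues.append("IMDSv1 allowed: HttpTokens is not 'required'")
    hop_limit = int(opts.get("HttpPutResponseHopLimit", 1))
    if hop_limit > RECOMMENDED_MAX_HOP_LIMIT:
        issues.append(f"HttpPutResponseHopLimit is {hop_limit} (> {RECOMMENDED_MAX_HOP_LIMIT})")
    return issues


def audit(reservations: list) -> dict:
    """Map InstanceId -> issues for every non-compliant instance."""
    report = {}
    for reservation in reservations:
        for instance in reservation.get("Instances", []):
            issues = evaluate_instance(instance)
            if issues:
                report[instance["InstanceId"]] = issues
    return report


def remediation_params(instance_id: str) -> dict:
    """Parameters for ec2:ModifyInstanceMetadataOptions enforcing IMDSv2."""
    return {
        "InstanceId": instance_id,
        "HttpTokens": "required",
        "HttpEndpoint": "enabled",
        "HttpPutResponseHopLimit": RECOMMENDED_MAX_HOP_LIMIT,
    }


if __name__ == "__main__":
    for iid, issues in audit(SAMPLE_RESERVATIONS).items():
        print(iid, "->", "; ".join(issues))
        print("  fix:", remediation_params(iid))
```

Only i-0example2 is reported: IMDSv2 is already required on i-0example1, and i-0example3 has the endpoint disabled, which is the stronger state for workloads that need no metadata at all. Treat the hop limit as a tunable rather than a rule; container hosts that legitimately proxy IMDS for their pods will need a higher value and a compensating network policy.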
Cloud security teams must evolve from signature-based defenses to anomaly hunting: tracking which processes should never query IMDS and alerting on deviations.
The post Hackers Exploit IMDS Service to Gain Initial Access to a Cloud Environment appeared first on Cyber Security News.