CVE-2025-5279: Issue with Amazon Redshift Python Connector and the BrowserAzureOAuth2CredentialsProvider plugin

May 28, 2025

Amazon Redshift Python Connector is a pure Python connector to Redshift (i.e., driver) that implements the Python Database API Specification 2.0.

When the Amazon Redshift Python Connector is configured with the BrowserAzureOAuth2CredentialsProvider plugin, the driver skips the SSL certificate validation step for the Identity Provider.

References

aws.amazon.com/security/security-bulletins
github.com/advisories/GHSA-r244-wg5g-6w2r
github.com/aws/amazon-redshift-python-driver
github.com/aws/amazon-redshift-python-driver/security/advisories/GHSA-r244-wg5g-6w2r
nvd.nist.gov/vuln/detail/CVE-2025-5279

Code Behaviors & Features

Detect and mitigate CVE-2025-5279 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →