CVE-2025-12779
Improper handling of the authentication token in the Amazon WorkSpaces
Publication date: 2025-11-05
Last updated on: 2025-11-05
Assigner: ff89ba41-3aa1-4d27-914a-91399e9639e5
Description
Description
Improper handling of the authentication token in the Amazon WorkSpaces client for Linux, versions 2023.0 through 2024.8, may expose the authentication token for DCV-based WorkSpaces to other local users on the same client machine. Under certain circumstances, a local user may be able to extract another local user's authentication token from the shared client machine and access their WorkSpace.
To mitigate this issue, users should upgrade to the Amazon WorkSpaces client for Linux version 2025.0 or later.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Affected Vendors & Products
| Vendor | Product | Version |
|---|---|---|
| amazon | workspaces_client | 2025.0 |
| amazon | workspaces_client | 2023.0 |
| amazon | workspaces_client | 2024.8 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-497 | The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
How can this vulnerability impact me? :
What immediate steps should I take to mitigate this vulnerability?
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart
Meta Information
CVE Publication Date:
2025-11-05
CVE Last Modified Date:
2025-11-05
Report Generation Date:
2025-11-06
AI Powered Q&A Generation:
2025-11-05
EPSS Last Evaluated Date:
N/A
NVD Report Link: