CVE-2025-12779
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-05

Last updated on: 2025-11-10

Assigner: AMZN

Description
Improper handling of the authentication token in the Amazon WorkSpaces client for Linux, versions 2023.0 through 2024.8, may expose the authentication token for DCV-based WorkSpaces to other local users on the same client machine. Under certain circumstances, a local user may be able to extract another local user's authentication token from the shared client machine and access their WorkSpace. To mitigate this issue, users should upgrade to the Amazon WorkSpaces client for Linux version 2025.0 or later.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-05
Last Modified
2025-11-10
Generated
2026-06-16
AI Q&A
2025-11-05
EPSS Evaluated
2026-06-15
NVD
CVE-2025-12779
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
amazon workspaces_client 2024.8
amazon workspaces_client 2023.0
amazon workspaces_client 2025.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-497 The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves improper handling of the authentication token in the Amazon WorkSpaces client for Linux versions 2023.0 through 2024.8. It may allow other local users on the same client machine to access the authentication token for DCV-based WorkSpaces. Under certain conditions, a local user could extract another user's authentication token and gain unauthorized access to their WorkSpace.

Impact Analysis

The vulnerability can lead to unauthorized access to a user's Amazon WorkSpace by other local users on the same machine. This could result in exposure of sensitive data, unauthorized actions within the WorkSpace, and potential compromise of the user's environment.

Mitigation Strategies

To mitigate this vulnerability, users should upgrade to the Amazon WorkSpaces client for Linux version 2025.0 or later.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-12779. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart