CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

Improper authentication token handling in the Amazon WorkSpaces client for Linux

unknownCVE-2025-12779
Bulletin ID: AWS-2025-025 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/11/5 13:20 PM PDT Description: We identified CVE-2025-12779, which describes an issue in the Amazon WorkSpaces client for Linux . Improper handling of the authentication token in the Amazon WorkSpaces client for Linux, versions 2023.0 through 2024.8, may expose the authentication token for DCV-based WorkSpaces to other local users on the same client machine. Under certain circumstances, an unintended user may be able to extract a valid authentication token from the client machine and access another user’s WorkSpace. We have proactively communicated with customers regarding the end of support for the impacted client versions. Impacted versions: Amazon WorkSpaces client for Linux versions 2023.0 through 2024.8

CSIRTS triage

What
Improper handling of the authentication token may expose it to other local users.
Who is affected
Users of Amazon WorkSpaces client for Linux versions 2023.0 to 2024.8.
Urgency
Remediation is important as it may allow unauthorized access to WorkSpaces.
Action
Update to a version beyond 2024.8.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch Amazon WorkSpaces client for Linux

Get an email when a new Amazon WorkSpaces client for Linux advisory drops — max one per day, one-click unsubscribe.

Details

Source
AWS Security Bulletins (INTL · vendor-psirt · site)
Severity
unknown
Published
2026-06-05
Exploitation
Not in CISA KEV at last sync

Original advisory: https://aws.amazon.com/security/security-bulletins/rss/aws-2025-025/

Exploitation outlook

EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.

Referenced CVEs

CVECSIRTS overviewExternal
CVE-2025-12779coverage & exploitation statusNVD · CVE.org

More from AWS Security Bulletins