Improper authentication token handling in the Amazon WorkSpaces client for Linux
Bulletin ID: AWS-2025-025 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/11/5 13:20 PM PDT Description: We identified CVE-2025-12779, which describes an issue in the Amazon WorkSpaces client for Linux . Improper handling of the authentication token in the Amazon WorkSpaces client for Linux, versions 2023.0 through 2024.8, may expose the authentication token for DCV-based WorkSpaces to other local users on the same client machine. Under certain circumstances, an unintended user may be able to extract a valid authentication token from the client machine and access another user’s WorkSpace. We have proactively communicated with customers regarding the end of support for the impacted client versions. Impacted versions: Amazon WorkSpaces client for Linux versions 2023.0 through 2024.8
CSIRTS triage
- What
- Improper handling of the authentication token may expose it to other local users.
- Who is affected
- Users of Amazon WorkSpaces client for Linux versions 2023.0 to 2024.8.
- Urgency
- Remediation is important as it may allow unauthorized access to WorkSpaces.
- Action
- Update to a version beyond 2024.8.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch Amazon WorkSpaces client for Linux
Get an email when a new Amazon WorkSpaces client for Linux advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://aws.amazon.com/security/security-bulletins/rss/aws-2025-025/
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2025-127790.20% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 10% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2025-12779 | coverage & exploitation status | NVD · CVE.org |
More from AWS Security Bulletins
- unknownCVE-2026-14904 - Improper Link Resolution in Auth.GetUserPrivateKey in AWS Research and Engineering Studio2026-07-07
- unknownCVE-2026-14471 - Authenticated SQL injection in the metrics-service retention policy subsystem of mcp-gateway-…2026-07-06
- unknownCVE-2026-14265- Deserialization of Untrusted Data in AWS Advanced JDBC Wrapper RemoteQueryCachePlugin2026-07-01
- unknownCVE-2026-13760 - OS Command Injection in NodejsFunction Docker Bundling in aws-cdk-lib2026-07-01
- unknownCVE-2026-13769 – Insecure file permissions in AWS CLI2026-07-01