CVE-2025-12779
Bulletin ID: AWS-2025-025 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/11/5 13:20 PM PDT Description: We identified CVE-2025-12779, which describes an issue in the Amazon WorkSpaces client for Linux . Improper handling of the authentication token in the Amazon WorkSpaces client for Linux, versions 2023.0 through 2024.8, may expose the authentication token for DCV-based WorkSpaces to other local users on the same client machine. Under certain circumstances, an unintended user may be able to extract a valid authentication token from the client machine and access another user’s WorkSpace. We have proactively communicated with customers regarding the end of support for the impacted client versions. Impacted versions: Amazon WorkSpaces client for Linux versions 2023.0 through 2024.8
CSIRTS triage
- What
- Improper handling of the authentication token may expose it to other local users.
- Who is affected
- Users of Amazon WorkSpaces client for Linux versions 2023.0 to 2024.8.
- Urgency
- Remediation is important as it may allow unauthorized access to WorkSpaces.
- Action
- Update to a version beyond 2024.8.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch CVE-2025-12779
Get an email if CVE-2025-12779 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.
Exploitation outlook
- Low exploitation risk0.20% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 10% of all EPSS-scored CVEs.
Advisory coverage (1)
- unknownImproper authentication token handling in the Amazon WorkSpaces client for Linuxaws · 2026-06-05
External references
Embed the live status
— this badge updates automatically when the KEV or exploit status changes. How to embed it →
[](https://www.csirts.com/cve/CVE-2025-12779)