CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2025-12815

unknowncovered by 1 sourcefirst seen 2026-06-05
Bulletin ID: AWS-2025-026 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/11/6 09:15 AM PDT Description: Research and Engineering Studio on AWS (RES) is an open source, easy-to-use web-based portal for administrators to create and manage secure cloud-based research and engineering environments. We identified CVE-2025-12815, in which an ownership verification issue in the Virtual Desktop preview page in the Research and Engineering Studio (RES) on AWS before version 2025.09 may allow an authenticated remote user to view another user's active desktop session metadata, including periodical desktop preview screenshots. Impacted versions: < 2025.09

CSIRTS triage

What
An ownership verification issue may allow unauthorized access to desktop session metadata.
Who is affected
Authenticated users of RES before version 2025.09.
Urgency
Remediation is important to protect user privacy.
Action
Update to version 2025.09 or later.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2025-12815

Get an email if CVE-2025-12815 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2025-12815

CVE.org record

Embed the live status

CVE-2025-12815 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2025-12815 status](https://www.csirts.com/badge/CVE-2025-12815)](https://www.csirts.com/cve/CVE-2025-12815)