CVE-2025-12815
Bulletin ID: AWS-2025-026 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/11/6 09:15 AM PDT Description: Research and Engineering Studio on AWS (RES) is an open source, easy-to-use web-based portal for administrators to create and manage secure cloud-based research and engineering environments. We identified CVE-2025-12815, in which an ownership verification issue in the Virtual Desktop preview page in the Research and Engineering Studio (RES) on AWS before version 2025.09 may allow an authenticated remote user to view another user's active desktop session metadata, including periodical desktop preview screenshots. Impacted versions: < 2025.09
CSIRTS triage
- What
- An ownership verification issue may allow unauthorized access to desktop session metadata.
- Who is affected
- Authenticated users of RES before version 2025.09.
- Urgency
- Remediation is important to protect user privacy.
- Action
- Update to version 2025.09 or later.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch CVE-2025-12815
Get an email if CVE-2025-12815 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.
Exploitation outlook
- Low exploitation risk0.28% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 20% of all EPSS-scored CVEs.
Advisory coverage (1)
External references
Embed the live status
— this badge updates automatically when the KEV or exploit status changes. How to embed it →
[](https://www.csirts.com/cve/CVE-2025-12815)