CVE-2025-12779 addresses improper token handling that could expose user sessions to local attackers
https://aws.amazon.com/security/security-bulletins/AWS-2025-025/
Patch Status
PATCHED – Amazon Web Services (AWS) has released a fix for this vulnerability. Users should upgrade to Amazon WorkSpaces client for Linux version 2025.0 or later immediately.
Vulnerability Overview
Amazon Web Services (AWS) disclosed and patched a security vulnerability in the Amazon WorkSpaces client for Linux.
The vulnerability was identified and reported by security firm Visionlink through AWS’s coordinated vulnerability disclosure process.
The issue, designated CVE-2025-12779, involves improper authentication token handling that could allow unauthorized local access to user WorkSpace sessions.
The vulnerability affects Amazon WorkSpaces client for Linux versions 2023.0 through 2024.8. The security flaw involves improper handling of authentication tokens for DCV-based WorkSpaces, potentially exposing these tokens to other local users on the same client machine.
DCV (Desktop Cloud Visualization) is the protocol used by Amazon WorkSpaces to provide remote desktop sessions. Authentication tokens for DCV sessions are used to maintain secure connections between the client and the user’s WorkSpace environment. The vulnerability specifically affected how these tokens were stored or handled at the operating system level on Linux clients, making them accessible to other local users who should not have permission to view or use them.
Versions 2023.0 through 2024.8 of Amazon WorkSpaces client for Linux are impacted.
Under specific circumstances, an unauthorized user with local access to the client machine could extract valid authentication tokens and gain access to another user’s WorkSpace session. The vulnerability requires the attacker to have existing local user access on the same machine running the affected WorkSpaces client.
AWS released Amazon WorkSpaces client for Linux version 2025.0, which resolves the authentication token handling issue. AWS recommends that all users running affected versions upgrade to version 2025.0 or later.
Patch Availability: Amazon WorkSpaces Client Download page
Organizations using Amazon WorkSpaces client for Linux should:
- Upgrade ASAP: Upgrade all Linux WorkSpaces clients to version 2025.0 or later, and confirm client version numbers across deployed instances
- Monitor: Review access logs for any suspicious local user activity on machines running affected versions, and ensure proper local user access restrictions are in place on machines running WorkSpaces clients
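One way to confirm client versions across a fleet is to classify each reported version against the range in the bulletin (2023.0 through 2024.8 affected, 2025.0 and later fixed). This is an added example, not code from AWS or the original page; the "host version" inventory format, the hostnames and the build numbers are constructed, and only the leading year.minor of each version string is compared.

```shell
#!/bin/sh
# Classify WorkSpaces Linux client versions against CVE-2025-12779's range.
# Collect each host's version with your package tooling, for example
#   dpkg-query -W -f='${Version}' <client-package>   (package name is a placeholder)

classify_version() {
    # Accepts "2024.8" or longer strings such as "2024.8.5191-1".
    ver=$1
    case $ver in
        [0-9]*.[0-9]*) ;;
        *) echo "unparseable"; return 0 ;;
    esac
    year=${ver%%.*}            # text before the first dot
    rest=${ver#*.}             # text after the first dot
    minor=${rest%%[!0-9]*}     # leading digits of the second component
    case $year in
        *[!0-9]*) echo "unparseable"; return 0 ;;
    esac
    if [ "$year" -ge 2025 ]; then
        echo "fixed"
    elif [ "$year" -eq 2023 ]; then
        echo "affected"
    elif [ "$year" -eq 2024 ] && [ "$minor" -le 8 ]; then
        echo "affected"
    else
        # Older than 2023.0, or a 2024.x release above 2024.8: the page does not list it.
        echo "not-listed"
    fi
}

audit_inventory() {
    # stdin: "<host> <version>" per line; stdout: "<host> <version> <status>".
    while read -r host ver; do
        [ -n "$host" ] || continue
        printf '%s %s %s\n' "$host" "$ver" "$(classify_version "$ver")"
    done
}

# Constructed sample inventory (hostnames and build numbers are made up).
audit_inventory <<'EOF'
desk-01 2023.0.4395
desk-02 2024.8.5191
desk-03 2025.0.5230
desk-04 4.7.0.4312
EOF
```

Hosts reported as "affected" are the ones to upgrade first and the ones whose local user accounts and access logs deserve review.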
AWS has not reported any evidence of active exploitation of this vulnerability in customer environments.
