Vulnerability cyber

Amazon Web Services (AWS)

Jun 16, 2023 2 min read
Amazon Web Services (AWS)

A critical vulnerability (CVE-2025-12779) in the **Amazon WorkSpaces client for Linux (versions 2023.0–2024.8)** exposes improper handling of authentication tokens, allowing local attackers to extract valid tokens left accessible by the client. This flaw enables unauthorized access to a victim’s private WorkSpaces session, granting control over their virtual environment. The risk is heightened in **shared or multi-user Linux systems**, where malicious actors could exploit the vulnerability to hijack sessions, access sensitive data, or perform actions on behalf of the compromised user. AWS has released a patch in **version 2025.0** and urged immediate updates, but unpatched systems remain exposed to session takeover attacks. While no evidence of active exploitation has been reported, the vulnerability underscores the risks of inadequate token management in cloud-based desktop solutions, potentially leading to **data breaches, privilege escalation, or lateral movement within corporate networks** if abused in enterprise environments.

Source: https://gbhackers.com/amazon-workspaces-for-linux-vulnerability/

TPRM report: https://www.rankiteo.com/company/amazon-web-services

"id": "ama0162101110725",
"linkid": "amazon-web-services",
"type": "Vulnerability",
"date": "6/2023",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'customers_affected': 'Users of Amazon WorkSpaces '
                                              'client for Linux (versions '
                                              '2023.0–2024.8)',
                        'industry': 'Technology',
                        'location': 'Global',
                        'name': 'Amazon Web Services (AWS)',
                        'size': 'Large Enterprise',
                        'type': 'Cloud Service Provider'}],
 'attack_vector': ['Local', 'Improper Authentication Token Handling'],
 'customer_advisories': ['Upgrade to version 2025.0 immediately; contact '
                         '[email protected] for concerns'],
 'data_breach': {'data_exfiltration': ['Potential Token Theft by Local Users'],
                 'sensitivity_of_data': ['High (Session Access Tokens)'],
                 'type_of_data_compromised': ['Authentication Tokens']},
 'date_publicly_disclosed': '2025-11-05',
 'description': 'A recently disclosed vulnerability in the Amazon WorkSpaces '
                'client for Linux (CVE-2025-12779) exposes a critical security '
                'flaw that could allow attackers to gain unauthorized access '
                'to user environments due to improper handling of '
                'authentication tokens. The issue affects versions 2023.0 '
                'through 2024.8, where local users on the same machine could '
                'extract valid authentication tokens left accessible by the '
                'client, potentially gaining control over another user’s '
                'private virtual WorkSpace session. AWS has addressed the '
                'issue in version 2025.0 and urges immediate updates.',
 'impact': {'brand_reputation_impact': ['Potential Erosion of Trust in AWS '
                                        'WorkSpaces Security'],
            'data_compromised': ['Authentication Tokens',
                                 'Potential WorkSpace Session Access'],
            'identity_theft_risk': ['Session Hijacking Risk'],
            'operational_impact': ['Unauthorized Access to Virtual WorkSpaces',
                                   'Risk in Shared/Multi-User Environments'],
            'systems_affected': ['Amazon WorkSpaces client for Linux (versions '
                                 '2023.0–2024.8)']},
 'investigation_status': 'Resolved (Patch Available)',
 'lessons_learned': ['Importance of robust token management in cloud desktop '
                     'environments.',
                     'Critical need for timely software updates in '
                     'shared/multi-user systems.',
                     'Proactive communication with users during vulnerability '
                     'disclosures.'],
 'post_incident_analysis': {'corrective_actions': ['Token management overhaul '
                                                   'in version 2025.0',
                                                   'Enhanced access controls '
                                                   'for multi-user '
                                                   'environments'],
                            'root_causes': ['Improper handling of '
                                            'authentication tokens in '
                                            'DCV-based WorkSpaces',
                                            'Insecure token storage accessible '
                                            'to local users']},
 'recommendations': ['Immediately upgrade to Amazon WorkSpaces client for '
                     'Linux version 2025.0 or later.',
                     'Monitor shared/multi-user Linux environments for '
                     'unauthorized WorkSpace access.',
                     'Implement least-privilege principles for local user '
                     'permissions.',
                     'Regularly audit authentication token handling in virtual '
                     'desktop solutions.'],
 'references': [{'date_accessed': '2025-11-05',
                 'source': 'AWS Security Bulletin AWS-2025-025'},
                {'source': 'Amazon WorkSpaces Client Download Page'}],
 'response': {'communication_strategy': ['Security Bulletin',
                                         'Direct Outreach via '
                                         '[email protected]',
                                         'Public Advisory'],
              'containment_measures': ['Urgent Security Bulletin '
                                       '(AWS-2025-025)',
                                       'End-of-Support Notification for '
                                       'Affected Versions'],
              'incident_response_plan_activated': True,
              'remediation_measures': ['Upgrade to Amazon WorkSpaces client '
                                       'for Linux version 2025.0 or newer']},
 'stakeholder_advisories': ['AWS-2025-025 Security Bulletin'],
 'title': 'Critical Authentication Token Exposure in Amazon WorkSpaces Client '
          'for Linux (CVE-2025-12779)',
 'type': ['Vulnerability', 'Unauthorized Access'],
 'vulnerability_exploited': 'CVE-2025-12779'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.