Man-in-the-Middle Vulnerability in Amazon WorkSpaces and AppStream 2.0
CVE-2025-0500

7.7HIGH

Key Information:

Vendor

Amazon

Status
Workspaces Client
Appstream 2.0 Client
Dcv Client
Vendor
CVE Published:
15 January 2025

What is CVE-2025-0500?

A vulnerability exists in the native clients for Amazon WorkSpaces, Amazon AppStream 2.0, and Amazon DCV that may allow an attacker to intercept communications, potentially leading to unauthorized access to remote sessions. This security flaw concerns the ability of attackers to execute man-in-the-middle attacks, jeopardizing the confidentiality and integrity of data during remote session interactions.

Affected Version(s)

AppStream 2.0 Client Windows 1.1.1025 < 1.1.1332

DCV Client Linux 0 < 2023.1.6703

DCV Client MacOS 2020.2.2078 < 2023.1.6703

References

https://aws.amazon.com/security/security-bulletins/AWS-20...
vendor-advisory

CVSS V4

Score:
7.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-0500 : Man-in-the-Middle Vulnerability in Amazon WorkSpaces and AppStream 2.0