Man-in-the-Middle Vulnerability in Amazon WorkSpaces and AppStream 2.0
CVE-2025-0500

7.7HIGH

Key Information:

Vendor: Amazon
Status: Workspaces Client; Appstream 2.0 Client; Dcv Client
Vendor: CVE Published:; 15 January 2025

What is CVE-2025-0500?

A vulnerability exists in the native clients for Amazon WorkSpaces, Amazon AppStream 2.0, and Amazon DCV that may allow an attacker to intercept communications, potentially leading to unauthorized access to remote sessions. This security flaw concerns the ability of attackers to execute man-in-the-middle attacks, jeopardizing the confidentiality and integrity of data during remote session interactions.

Affected Version(s)

AppStream 2.0 Client Windows 1.1.1025 < 1.1.1332

DCV Client Linux 0 < 2023.1.6703

DCV Client MacOS 2020.2.2078 < 2023.1.6703

References

https://aws.amazon.com/security/security-bulletins/AWS-20...

vendor-advisory

CVSS V4

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 15, 2025
Vulnerability Reserved
Jan 15, 2025