Remote Session Vulnerability in Amazon WorkSpaces Clients Utilizing PCoIP Protocol
CVE-2025-0501

7.7HIGH

Key Information:

Vendor

Amazon

Status
Workspaces Client
Vendor
CVE Published:
15 January 2025

What is CVE-2025-0501?

A vulnerability exists in the native clients for Amazon WorkSpaces, specifically when using the PCoIP protocol. This flaw may potentially allow an attacker to intercept and access remote sessions, leading to unauthorized control and manipulation. Ensuring that your systems are updated and secure against such vulnerabilities is crucial for maintaining the confidentiality and integrity of remote session communications.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

WorkSpaces Client Android 3.0.1 < 5.0.1

WorkSpaces Client Linux 3.0.0 < 2024.6

WorkSpaces Client Windows 3.0.0 < 5.22.1

References

https://aws.amazon.com/security/security-bulletins/AWS-20...
vendor-advisory
https://docs.aws.amazon.com/workspaces/latest/userguide/a...
patchrelease-notes
https://docs.aws.amazon.com/workspaces/latest/userguide/a...
patchrelease-notes

CVSS V4

Score:
7.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.