Authentication Token Exposure in Amazon WorkSpaces Client for Linux
CVE-2025-12779

8.8HIGH

Key Information:

Vendor: Amazon
Status: Amazon Workspaces
Vendor: CVE Published:; 5 November 2025

What is CVE-2025-12779?

A vulnerability in the Amazon WorkSpaces Client for Linux allows improper management of authentication tokens. This flaw may lead to the exposure of a user's authentication token to other local users sharing the same client machine. Under specific conditions, a local user can retrieve another user's authentication token, enabling unauthorized access to their WorkSpace. To address this vulnerability, it is essential for users to upgrade to version 2025.0 or newer of the Amazon WorkSpaces Client for Linux.

Affected Version(s)

Amazon WorkSpaces Linux 2025.0

References

https://aws.amazon.com/security/security-bulletins/AWS-20...

CVSS V4

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 5, 2025
Vulnerability Reserved
Nov 5, 2025

JSON