Ownership Verification Flaw in AWS Research and Engineering Studio
CVE-2025-12815

5.3MEDIUM

Key Information:

Vendor

Aws

Status
Research And Engineering Studio (res)
Vendor
CVE Published:
6 November 2025

What is CVE-2025-12815?

An ownership verification issue exists in the Virtual Desktop preview page of the Research and Engineering Studio on AWS versions before 2025.09. This flaw can allow authenticated remote users to gain unauthorized access to another user's active desktop session metadata, which includes periodic desktop preview screenshots. To protect sensitive information, it is critical for users to upgrade to version 2025.09 or later.

Affected Version(s)

Research and Engineering Studio (RES) 2025.09

References

https://aws.amazon.com/security/security-bulletins/AWS-20...
vendor-advisory
https://github.com/aws/res/releases/tag/2025.09
patch
https://github.com/aws/res/security/advisories/GHSA-x3cx-...
vendor-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.