CVE-2025-12815

5.3MEDIUM

Key Information:

Vendor: Aws
Status: Research And Engineering Studio (res)
Vendor: CVE Published:; 6 November 2025

🔔 Create Aws Vulnerability Alert

What is CVE-2025-12815?

An ownership verification issue in the Virtual Desktop preview page in the Research and Engineering Studio (RES) on AWS before version 2025.09 may allow an authenticated remote user to view another user's active desktop session metadata, including periodical desktop preview screenshots.

To mitigate this issue, users should upgrade to version 2025.09 or above.

Affected Version(s)

Research and Engineering Studio (RES) 2025.09

References

https://aws.amazon.com/security/security-bulletins/AWS-20...

vendor-advisory

https://github.com/aws/res/releases/tag/2025.09

https://github.com/aws/res/security/advisories/GHSA-x3cx-...

vendor-advisory

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 6, 2025
Vulnerability Reserved
Nov 6, 2025

.

CVE-2025-12815 : Ownership Verification Flaw in AWS Research and Engineering Studio