Amazon Web Services (AWS) has recently addressed two critical security vulnerabilities affecting its popular cloud-based services: Amazon WorkSpaces, Amazon AppStream 2.0, and Amazon DCV (Desktop Cloud Visualization).
The vulnerabilities, identified as CVE-2025-0500 and CVE-2025-0501, could potentially allow malicious actors to perform man-in-the-middle attacks and gain unauthorized access to remote sessions.
CVE-2025-0500, which affects specific versions of native clients for Amazon WorkSpaces (using the Amazon DCV protocol), Amazon AppStream 2.0, and Amazon DCV, has been assigned a CVSS v4.0 score of 7.7, indicating a high severity level.
This vulnerability impacts various client versions across all the major platforms.
Similarly, CVE-2025-0501 specifically targets Amazon WorkSpaces clients utilizing the PCoIP protocol.
Security experts at Amazon discovered that this vulnerability affects Windows, macOS, Linux, and Android clients, potentially exposing users to unauthorized access to remote WorkSpaces sessions.
To address these security concerns, AWS has released patched versions for all affected clients.
For CVE-2025-0500: users are advised to upgrade to Amazon WorkSpaces client version 5.21.0 or later for Windows and macOS, and version 2024.2 or later for Linux. Amazon AppStream 2.0 users should update to Windows client version 1.1.1332 or later, while Amazon DCV users across all platforms should upgrade to version 2023.1.9127 or later.
For CVE-2025-0501: AWS recommends upgrading to Amazon WorkSpaces client version 5.22.1 or later for Windows and macOS, version 2024.6 or later for Linux, and version 5.0.1 or later for Android.
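The fixed versions listed above can be checked against a client inventory. The following is an added example, not code from AWS or from this article: it compares installed versions numerically against those thresholds. The inventory rows, product and platform keys, and function names are constructed for illustration, and it assumes purely numeric dotted version strings.

```python
import csv
import io

# First fixed version per (product, platform) and CVE, as quoted in the article.
# The product/platform keys are labels chosen for this example.
FIXED = {
    ("workspaces", "windows"): {"CVE-2025-0500": "5.21.0", "CVE-2025-0501": "5.22.1"},
    ("workspaces", "macos"): {"CVE-2025-0500": "5.21.0", "CVE-2025-0501": "5.22.1"},
    ("workspaces", "linux"): {"CVE-2025-0500": "2024.2", "CVE-2025-0501": "2024.6"},
    ("workspaces", "android"): {"CVE-2025-0501": "5.0.1"},
    ("appstream", "windows"): {"CVE-2025-0500": "1.1.1332"},
    ("dcv", "*"): {"CVE-2025-0500": "2023.1.9127"},  # all platforms
}

def older(installed, fixed):
    """Numeric compare of dotted versions; string compare would rank 5.9.0 above 5.21.0."""
    a = tuple(int(p) for p in installed.strip().split("."))
    b = tuple(int(p) for p in fixed.split("."))
    width = max(len(a), len(b))  # pad so that 5.21 equals 5.21.0
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))

def pending_cves(product, platform, version):
    """CVEs whose first fixed version is newer than the installed client."""
    rules = FIXED.get((product, platform)) or FIXED.get((product, "*"), {})
    return sorted(cve for cve, fixed in rules.items() if older(version, fixed))

# Constructed sample inventory (hosts and versions are made up).
SAMPLE_INVENTORY = """host,product,platform,version
lap-001,workspaces,windows,5.9.0
lap-002,workspaces,macos,5.21.0
lap-003,workspaces,linux,2024.6
tab-004,workspaces,android,5.0.0
ws-005,appstream,windows,1.1.1332
ws-006,dcv,linux,2023.1.9126
"""

def audit(inventory_csv):
    """Map each host still below a fixed version to the CVEs it must patch."""
    findings = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        cves = pending_cves(row["product"].lower(), row["platform"].lower(), row["version"])
        if cves:
            findings[row["host"]] = cves
    return findings

if __name__ == "__main__":
    for host, cves in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: upgrade required for {', '.join(cves)}")
```

The check flags both CVEs for a WorkSpaces client regardless of which protocol it uses, since this sample inventory does not record that.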
Security experts emphasize the importance of prompt action, urging users and organizations to update their client software immediately.
These vulnerabilities show the ongoing challenges in maintaining security for cloud-based services and remote work solutions.
As cloud adoption continues to grow, users are urged to stay vigilant and keep their software up to date to mitigate potential security risks.
AWS has proactively communicated with customers regarding the end of support for the impacted versions and continues to monitor the situation closely.