Cyber Security News

AWS Patches Multiple Vulnerabilities in Amazon WorkSpaces, Amazon AppStream 2.0, & Amazon DCV

Amazon Web Services (AWS) has recently addressed two critical security vulnerabilities affecting its popular cloud-based services: Amazon WorkSpaces, Amazon AppStream 2.0, and Amazon DCV (Desktop Cloud Visualization).

The vulnerabilities, identified as CVE-2025-0500 and CVE-2025-0501, could potentially allow malicious actors to perform man-in-the-middle attacks and gain unauthorized access to remote sessions.

CVE-2025-0500, which affects specific versions of native clients for Amazon WorkSpaces (using the Amazon DCV protocol), Amazon AppStream 2.0, and Amazon DCV, has been assigned a CVSS v4.0 score of 7.7, indicating a high severity level.

This vulnerability impacts various client versions across all the major platforms.

Similarly, CVE-2025-0501 specifically targets Amazon WorkSpaces clients utilizing the PCoIP protocol.

Security experts at Amazon discovered that this vulnerability affects Windows, macOS, Linux, and Android clients, potentially exposing users to unauthorized access of remote WorkSpaces sessions.


Technical Analysis

To address these security concerns, AWS has released patched versions for all affected clients.

For CVE-2025-0500, users are advised to upgrade to Amazon WorkSpaces client version 5.21.0 or later for Windows and macOS, and version 2024.2 or later for Linux. Amazon AppStream 2.0 users should update to Windows client version 1.1.1332 or later, while Amazon DCV users across all platforms should upgrade to version 2023.1.9127 or later.

For CVE-2025-0501, AWS recommends upgrading to Amazon WorkSpaces client version 5.22.1 or later for Windows and macOS, version 2024.6 or later for Linux, and version 5.0.1 or later for Android.
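The fixed versions above can be checked against a client inventory. The following is an added example, not AWS tooling or code from the original article; the product and platform keys, the function names and the inventory rows are assumptions constructed for illustration, and only the minimum versions come from the text.

```python
# Minimum fixed client versions, copied from the article text.
# Key: (product, platform); "*" means every platform.
FIXED = {
    ("workspaces", "windows"): {"CVE-2025-0500": "5.21.0", "CVE-2025-0501": "5.22.1"},
    ("workspaces", "macos"): {"CVE-2025-0500": "5.21.0", "CVE-2025-0501": "5.22.1"},
    ("workspaces", "linux"): {"CVE-2025-0500": "2024.2", "CVE-2025-0501": "2024.6"},
    ("workspaces", "android"): {"CVE-2025-0501": "5.0.1"},
    ("appstream", "windows"): {"CVE-2025-0500": "1.1.1332"},
    ("dcv", "*"): {"CVE-2025-0500": "2023.1.9127"},
}

def parse_version(text):
    """'5.21.0' -> (5, 21, 0). Raises ValueError on non-numeric parts."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def is_older(installed, fixed):
    """Numeric compare, so '2024.10' is newer than '2024.6' (a string compare gets this wrong)."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    # Pad with zeros so '5.21' and '5.21.0' compare equal.
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))

def open_cves(product, platform, version):
    """CVE ids the client is still below the fixed version for; None if the article lists no fix for it."""
    mins = FIXED.get((product, platform)) or FIXED.get((product, "*"))
    if mins is None:
        return None
    try:
        return sorted(cve for cve, fixed in mins.items() if is_older(version, fixed))
    except ValueError:
        # Fail closed: an unreadable version string is reported as unpatched.
        return sorted(mins)

def audit(inventory):
    """Map each host to its outstanding CVE ids."""
    return {host: open_cves(prod, plat, ver) for host, prod, plat, ver in inventory}

# Constructed sample inventory (hosts and installed versions are made up).
INVENTORY = [
    ("host-a", "workspaces", "windows", "5.21.5"),  # fixed for 0500, not 0501
    ("host-b", "workspaces", "linux", "2024.10"),
    ("host-c", "appstream", "windows", "1.1.1300"),
    ("host-d", "dcv", "macos", "2023.1.9127"),
    ("host-e", "workspaces", "android", "5.0.0"),
]

if __name__ == "__main__":
    for host, cves in audit(INVENTORY).items():
        print(host, cves)
```

The check flags a WorkSpaces client for CVE-2025-0501 whether or not it connects over PCoIP, which is a conservative assumption since the inventory does not record the protocol in use.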

Security experts emphasize the importance of prompt action, urging users and organizations to update their client software immediately.

These vulnerabilities show the ongoing challenges in maintaining security for cloud-based services and remote work solutions.

As cloud adoption continues to grow, users are urged to stay vigilant and keep their software up-to-date to mitigate potential security risks.

AWS has proactively communicated with customers regarding the end of support for the impacted versions and continues to monitor the situation closely.


Tushar Subhra Dutta

Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.
