CVE-2025-12815 - RES web portal may display preview of Virtual Desktops that the user shouldn't have access to

Bulletin ID: AWS-2025-026
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2025/11/6 9:15 AM PDT

Description:

Research and Engineering Studio on AWS (RES) is an open source, easy-to-use web-based portal for administrators to create and manage secure cloud-based research and engineering environments. We identified CVE-2025-12815, an ownership verification issue in the Virtual Desktop preview page of RES before version 2025.09. The issue may allow an authenticated remote user to view another user's active desktop session metadata, including periodic desktop preview screenshots.

Impacted versions: < 2025.09

Resolution:

This issue has been addressed in RES version 2025.09. We recommend upgrading to the latest version and ensuring any forked or derivative code is patched to incorporate the new fixes.
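
For maintainers of forked or derivative code, the kind of ownership verification the description refers to can be sketched as below. This is an added example and not code from RES or from the 2025.09 fix; the `Session` record, the in-memory `SESSIONS` store, the function names, and the rule that shared users and administrators may view a preview are all assumptions made for illustration.

```python
from dataclasses import dataclass, field


class NotFound(Exception):
    """Raised for missing sessions and for sessions the caller may not see."""


@dataclass(frozen=True)
class Session:  # hypothetical record, not the RES data model
    session_id: str
    owner: str
    shared_with: frozenset = field(default_factory=frozenset)
    preview_png: bytes = b""


# Constructed sample data standing in for the session store.
SESSIONS = {
    "s-001": Session("s-001", "alice", frozenset({"carol"}), b"\x89PNG-alice"),
    "s-002": Session("s-002", "bob", frozenset(), b"\x89PNG-bob"),
}


def get_preview_unchecked(caller: str, session_id: str) -> bytes:
    """Flawed pattern: the caller is authenticated, but ownership is never checked."""
    session = SESSIONS.get(session_id)
    if session is None:
        raise NotFound(session_id)
    return session.preview_png


def can_view(caller: str, session: Session, is_admin: bool = False) -> bool:
    """Assumed policy: owner, explicitly shared users and admins; nobody else."""
    return is_admin or caller == session.owner or caller in session.shared_with


def get_preview(caller: str, session_id: str, is_admin: bool = False) -> bytes:
    """Hardened pattern: authorize against the stored record, not the request."""
    session = SESSIONS.get(session_id)
    # Same error for "missing" and "not yours", so the response does not
    # confirm which session IDs exist.
    if session is None or not can_view(caller, session, is_admin):
        raise NotFound(session_id)
    return session.preview_png


def list_previews(caller: str) -> list:
    """Listings reuse the same predicate so they cannot leak other sessions."""
    return sorted(s.session_id for s in SESSIONS.values() if can_view(caller, s))
```

A regression test for a patched fork should cover every route that returns session metadata or preview images, with the caller identity taken from the authenticated session rather than from a request parameter.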

Please email aws-security@amazon.com with any security questions or concerns.