Improper authentication token handling in the Amazon WorkSpaces client for Linux
Bulletin ID: AWS-2025-025
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2025/11/5 1:20 PM PDT
Description:
We identified CVE-2025-12779, which describes an issue in the Amazon WorkSpaces client for Linux . Improper handling of the authentication token in the Amazon WorkSpaces client for Linux, versions 2023.0 through 2024.8, may expose the authentication token for DCV-based WorkSpaces to other local users on the same client machine. Under certain circumstances, an unintended user may be able to extract a valid authentication token from the client machine and access another user’s WorkSpace. We have proactively communicated with customers regarding the end of support for the impacted client versions.
Impacted versions: Amazon WorkSpaces client for Linux versions 2023.0 through 2024.8
Resolution:
This issue was fixed in the Amazon WorkSpaces client for Linux version 2025.0. We recommend upgrading to this or a later version to remediate the issue. Customers can do this from the Amazon WorkSpaces Client Download page.
References:
Please email aws-security@amazon.com with any security questions or concerns.