Cyber Web Spider Blog – News

Amazon WorkSpaces for Linux Vulnerability Lets Attackers Extract Valid Authentication Tokens


Posted on November 7, 2025 By CWS

Amazon has disclosed a major security vulnerability in its WorkSpaces client for Linux that could allow unauthorized users to extract valid authentication tokens and gain unauthorized access to other users’ WorkSpaces.

The vulnerability, tracked as CVE-2025-12779, affects a number of client versions and poses a direct risk to organizations relying on Amazon’s desktop-as-a-service platform for remote work infrastructure.

The improper handling of authentication tokens in the Amazon WorkSpaces client for Linux versions 2023.0 through 2024.8 creates a window of opportunity for attackers with local machine access.

Improper Token Handling Creates Security Risk

Under specific circumstances, an unintended user on the same client machine can extract valid DCV-based WorkSpace authentication tokens.

This vulnerability bypasses the authentication layer that separates individual WorkSpace sessions, potentially exposing sensitive business data and confidential user information to lateral movement attacks.

The token extraction vulnerability represents a critical oversight in credential protection mechanisms.

While WorkSpaces employs multiple security layers for cloud access, the client-side token handling failed to maintain proper isolation between local users.

This means any user with command-line access or system-level permissions on a shared client machine could retrieve the authentication credentials of other users working on the same hardware.

The vulnerability specifically targets organizations using DCV-based WorkSpaces with the affected Linux client versions.

Attribute | Details
CVE ID | CVE-2025-12779
Component | Amazon WorkSpaces Client for Linux
Vulnerability Type | Improper Authentication Token Handling
Affected Versions | 2023.0 through 2024.8

This includes enterprises that have deployed WorkSpaces across Linux-based infrastructure or hybrid environments where Linux clients are primary access points.

The exposure window covers roughly two years of client releases, affecting a substantial user base that may not have actively updated their installations.

Scope and Impact Assessment

Amazon has proactively engaged with customers affected by this vulnerability, notifying them of the end-of-support timeline for impacted versions.

This communication strategy demonstrates AWS’s commitment to addressing the security gap. However, organizations with legacy client deployments may face challenges in rapid remediation across their user base.

Amazon resolved CVE-2025-12779 in the Amazon WorkSpaces client for Linux version 2025.0 and later releases. Organizations running any version between 2023.0 and 2024.8 should prioritize upgrading immediately.

The updated client is available through the Amazon WorkSpaces Client Download page, where IT teams can retrieve the latest version for enterprise deployment.

Security teams should conduct immediate inventory assessments to identify all Linux WorkSpaces clients currently deployed in their environment.

Organizations with multiple client installations across distributed teams should develop a phased upgrade strategy to minimize disruption while ensuring timely remediation.
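
The inventory and phased-upgrade steps above can be sketched as a small triage script. This is an added example, not code from Amazon or from this article; the CSV columns, hostnames and build numbers are constructed, and only the version bounds (2023.0 through 2024.8 affected, 2025.0 and later fixed) come from the text.

```python
import csv
import io
import re

# Bounds as stated in the article: 2023.0 through 2024.8 affected, 2025.0+ fixed.
AFFECTED_MIN, AFFECTED_MAX, FIXED_MIN = (2023, 0), (2024, 8), (2025, 0)
_VERSION_RE = re.compile(r"^(\d{4})\.(\d+)(?:[.\-+~].*)?$")

# Constructed inventory; hostnames and build numbers are made up for the example.
SAMPLE_INVENTORY = """host,local_users,client_version
dev-lap-07,1,2023.0.4395
kiosk-01,4,2024.8.5191
eng-ws-12,2,2025.0.5296
lab-03,3,2022.0.4157
build-02,1,unknown
"""


def classify(version):
    """Return 'affected', 'fixed' or 'review' for a client version string."""
    match = _VERSION_RE.match(version.strip())
    if not match:
        return "review"  # unparsable value: needs a manual check
    release = (int(match.group(1)), int(match.group(2)))
    if AFFECTED_MIN <= release <= AFFECTED_MAX:
        return "affected"
    if release >= FIXED_MIN:
        return "fixed"
    return "review"  # outside both ranges the article gives


def triage(inventory_csv):
    """Group (host, local_users) pairs by status; shared affected hosts first."""
    report = {"affected": [], "fixed": [], "review": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        status = classify(row["client_version"])
        report[status].append((row["host"], int(row["local_users"])))
    # The issue needs another user on the same client machine, so multi-user
    # hosts go to the front of the upgrade queue.
    report["affected"].sort(key=lambda item: -item[1])
    return report


if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(status, hosts)
```

Versions that fall outside both stated ranges, or that cannot be parsed, land in "review" rather than being assumed safe.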

This vulnerability underscores the importance of keeping software up to date and establishing regular patch management cycles for remote access infrastructure.


Category: Cyber Security News. Tags: Amazon, Attackers, Authentication, Extract, Linux, Token, Valid, Vulnerability, WorkSpaces
