Amazon disclosed a significant security vulnerability in its WorkSpaces client for Linux, tracked as CVE-2025-12779. This flaw allows malicious users with local access to extract authentication tokens, granting them unauthorized access to the WorkSpaces of other users. Affected client versions range from 2023.0 to 2024.8, allowing potential exploitation over two years of releases. The vulnerability indicates a critical lapse in the client-side token handling mechanism that fails to isolate individual sessions properly. While the concern primarily impacts organizations using DCV-based WorkSpaces, it underscores a systemic issue of credential protection.
AWS has communicated with affected customers, emphasizing the urgency of upgrading to version 2025.0 or later to mitigate risks. Security teams should conduct thorough assessments of deployed Linux WorkSpaces clients and establish a phased upgrade strategy to handle the remediation across distributed teams efficiently. This incident highlights the importance of vigilant patch management practices, particularly for remote access solutions that are critical for modern workforce infrastructures. Organizations must prioritize regular updates to shield against potential lateral movement attacks that could arise from such vulnerabilities.
👉 Pročitaj original: Cyber Security News
