Multiple Vulnerabilities in Amazon Web Services Clients

Issued by: CERT-In (Indian Computer Emergency Response Team)

Severity: High

Affected Software:

- Amazon WorkSpaces: Windows (<5.21.0), macOS (<5.21.0), Linux (<2024.2)
- Amazon AppStream 2.0: Windows (<1.1.1332)
- Amazon DCV: Windows (<2023.1.9127), macOS (<2023.1.6703), Linux (<2023.1.6703)

Overview:

The vulnerabilities allow attackers to intercept or manipulate sessions and gain unauthorized access to sensitive data. This is caused by insufficient security mechanisms in client-server communication, enabling man-in-the-middle (MITM) attacks.

Risks:

- Unauthorized access to sensitive data
- Remote code execution
- System disruption or data theft

Impact:

Potential data theft, system instability, and unauthorized session access.

Resolution:

Apply updates provided by Amazon Web Services:

AWS Security Bulletin

CVE References:

- CVE-2025-0500
- CVE-2025-0501
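To find which installed clients still fall in the affected ranges listed under "Affected Software", the following added example (not part of the advisory or any AWS tooling) audits a client inventory against those thresholds. The CSV column names, the short product keys (`workspaces`, `appstream`, `dcv`) and the sample hosts are assumptions made for illustration, and versions are assumed to be dotted numbers.

```python
import csv
import io

# First non-affected version per (product, platform), taken from the advisory's
# "Affected Software" list: anything strictly below these is affected.
# The short product keys are labels chosen for this example.
FIXED = {
    ("workspaces", "windows"): "5.21.0",
    ("workspaces", "macos"): "5.21.0",
    ("workspaces", "linux"): "2024.2",
    ("appstream", "windows"): "1.1.1332",
    ("dcv", "windows"): "2023.1.9127",
    ("dcv", "macos"): "2023.1.6703",
    ("dcv", "linux"): "2023.1.6703",
}

def parse_version(text, width=4):
    """'5.9.0' -> (5, 9, 0, 0): numeric, zero-padded, so 5.9.0 < 5.21.0."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def is_affected(product, platform, version):
    """True/False for listed clients, None when the advisory gives no threshold."""
    fixed = FIXED.get((product.lower(), platform.lower()))
    if fixed is None:
        return None
    return parse_version(version) < parse_version(fixed)

def audit(inventory_csv):
    """Return (host, product, platform, version) rows that need the update."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return [(r["host"], r["product"], r["platform"], r["version"])
            for r in rows
            if is_affected(r["product"], r["platform"], r["version"])]

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = """host,product,platform,version
wks-01,workspaces,windows,5.9.0
wks-02,workspaces,windows,5.21.0
wks-03,workspaces,linux,2023.2
dcv-01,dcv,macos,2023.1.6703
dcv-02,dcv,windows,2023.1.9000
app-02,appstream,macos,1.0.0
"""

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print("UPDATE NEEDED:", *row)
```

Comparing the version strings as text would rank 5.9.0 above 5.21.0 and miss that host, which is why the components are compared as integers.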
