Refine your search
2 vulnerabilities found for WorkSpaces Client by Amazon
CVE-2025-0501 (GCVE-0-2025-0501)
Vulnerability from cvelistv5
Published
2025-01-15 18:21
Modified
2025-10-14 18:51
Severity ?
7.7 (High) - CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
VLAI Severity ?
EPSS score ?
CWE
- CWE-295 - Improper Certificate Validation
Summary
An issue in the native clients for Amazon WorkSpaces (when running PCoIP protocol) may allow an attacker to access remote sessions via man-in-the-middle.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Amazon | WorkSpaces Client |
Version: 3.0.0 ≤ |
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0501",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-15T19:16:15.768458Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-06T21:29:05.057Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS"
],
"product": "WorkSpaces Client",
"vendor": "Amazon",
"versions": [
{
"lessThan": "5.22.1",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "WorkSpaces Client",
"vendor": "Amazon",
"versions": [
{
"lessThan": "2024.6",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Android"
],
"product": "WorkSpaces Client",
"vendor": "Amazon",
"versions": [
{
"lessThan": "5.0.1",
"status": "affected",
"version": "3.0.1",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eAn issue in the native clients for Amazon WorkSpaces (when running PCoIP protocol) may allow an attacker to access remote sessions via man-in-the-middle.\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "An issue in the native clients for Amazon WorkSpaces (when running PCoIP protocol) may allow an attacker to access remote sessions via man-in-the-middle."
}
],
"impacts": [
{
"capecId": "CAPEC-94",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-94 Adversary in the Middle (AiTM)"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T18:51:31.114Z",
"orgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
"shortName": "AMZN"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://aws.amazon.com/security/security-bulletins/AWS-2025-001/"
},
{
"tags": [
"patch",
"release-notes"
],
"url": "https://docs.aws.amazon.com/workspaces/latest/userguide/amazon-workspaces-windows-client.html#windows-release-notes"
},
{
"tags": [
"patch",
"release-notes"
],
"url": "https://docs.aws.amazon.com/workspaces/latest/userguide/amazon-workspaces-osx-client.html#osx-release-notes"
},
{
"tags": [
"patch",
"release-notes"
],
"url": "https://docs.aws.amazon.com/workspaces/latest/userguide/amazon-workspaces-linux-client.html#linux-release-notes"
},
{
"tags": [
"patch",
"release-notes"
],
"url": "https://docs.aws.amazon.com/workspaces/latest/userguide/amazon-workspaces-android-client.html#android-release-notes"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Issue affecting Amazon WorkSpaces Clients (when running PCoIP protocol)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
"assignerShortName": "AMZN",
"cveId": "CVE-2025-0501",
"datePublished": "2025-01-15T18:21:08.166Z",
"dateReserved": "2025-01-15T17:34:10.305Z",
"dateUpdated": "2025-10-14T18:51:31.114Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0500 (GCVE-0-2025-0500)
Vulnerability from cvelistv5
Published
2025-01-15 18:20
Modified
2025-10-14 18:54
Severity ?
7.7 (High) - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
VLAI Severity ?
EPSS score ?
CWE
- CWE-295 - Improper Certificate Validation
Summary
An issue in the native clients for Amazon WorkSpaces (when running Amazon DCV protocol), Amazon AppStream 2.0, and Amazon DCV Clients may allow an attacker to access remote sessions via man-in-the-middle.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Amazon | WorkSpaces Client |
Version: 5.0.0 ≤ |
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0500",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-15T19:16:44.671374Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T20:31:20.031Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "WorkSpaces Client",
"vendor": "Amazon",
"versions": [
{
"lessThan": "5.21.0",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "WorkSpaces Client",
"vendor": "Amazon",
"versions": [
{
"lessThan": "2024.2",
"status": "affected",
"version": "2023.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "AppStream 2.0 Client",
"vendor": "Amazon",
"versions": [
{
"lessThan": "1.1.1332",
"status": "affected",
"version": "1.1.1025",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "DCV Client",
"vendor": "Amazon",
"versions": [
{
"lessThan": "2023.1.6703",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "DCV Client",
"vendor": "Amazon",
"versions": [
{
"lessThan": "2023.1.9127",
"status": "affected",
"version": "2020.2.7459",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS"
],
"product": "WorkSpaces Client",
"vendor": "Amazon",
"versions": [
{
"lessThan": "5.21.0",
"status": "affected",
"version": "5.5.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS"
],
"product": "DCV Client",
"vendor": "Amazon",
"versions": [
{
"lessThan": "2023.1.6703",
"status": "affected",
"version": "2020.2.2078",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An issue in the native clients for Amazon WorkSpaces (when running Amazon DCV protocol), Amazon AppStream 2.0, and Amazon DCV Clients may allow an attacker to access remote sessions via man-in-the-middle."
}
],
"value": "An issue in the native clients for Amazon WorkSpaces (when running Amazon DCV protocol), Amazon AppStream 2.0, and Amazon DCV Clients may allow an attacker to access remote sessions via man-in-the-middle."
}
],
"impacts": [
{
"capecId": "CAPEC-94",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-94 Adversary in the Middle (AiTM)"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T18:54:46.403Z",
"orgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
"shortName": "AMZN"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://aws.amazon.com/security/security-bulletins/AWS-2025-001/"
},
{
"tags": [
"patch",
"release-notes"
],
"url": "https://docs.aws.amazon.com/workspaces/latest/userguide/amazon-workspaces-windows-client.html#windows-release-notes"
},
{
"tags": [
"patch",
"release-notes"
],
"url": "https://docs.aws.amazon.com/workspaces/latest/userguide/amazon-workspaces-osx-client.html#osx-release-notes"
},
{
"tags": [
"patch",
"release-notes"
],
"url": "https://docs.aws.amazon.com/workspaces/latest/userguide/amazon-workspaces-linux-client.html#linux-release-notes"
},
{
"tags": [
"patch",
"release-notes"
],
"url": "https://docs.aws.amazon.com/appstream2/latest/developerguide/client-release-versions.html"
},
{
"tags": [
"patch",
"release-notes"
],
"url": "https://docs.aws.amazon.com/dcv/latest/adminguide/doc-history-release-notes.html#dcv-2023-1-16388jul"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Issue affecting Amazon WorkSpaces (when running Amazon DCV protocol), Amazon AppStream 2.0, and Amazon DCV clients",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
"assignerShortName": "AMZN",
"cveId": "CVE-2025-0500",
"datePublished": "2025-01-15T18:20:33.468Z",
"dateReserved": "2025-01-15T17:34:09.099Z",
"dateUpdated": "2025-10-14T18:54:46.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}