CVE-2025-0500

Summary

An issue in the native clients for Amazon WorkSpaces (when running Amazon DCV protocol), Amazon AppStream 2.0, and Amazon DCV Clients may allow an attacker to access remote sessions via man-in-the-middle.

Affected Software

VendorProductVersion RangeStatus
AmazonWorkSpaces Client5.0.0 < 5.21.0affected
AmazonWorkSpaces Client2023.0 < 2024.2affected
AmazonAppStream 2.0 Client1.1.1025 < 1.1.1332affected
AmazonDCV Client0 < 2023.1.6703affected
AmazonDCV Client2020.2.7459 < 2023.1.9127affected
AmazonWorkSpaces Client5.5.0 < 5.21.0affected
AmazonDCV Client2020.2.2078 < 2023.1.6703affected

Weaknesses

  • CWE-295: CWE-295 Improper Certificate Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References