CVE-2025-0501

Summary

An issue in the native clients for Amazon WorkSpaces (when running PCoIP protocol) may allow an attacker to access remote sessions via man-in-the-middle.

Affected Software

VendorProductVersion RangeStatus
AmazonWorkSpaces Client3.0.0 < 5.22.1affected
AmazonWorkSpaces Client3.0.0 < 2024.6affected
AmazonWorkSpaces Client3.0.1 < 5.0.1affected

Weaknesses

  • CWE-295: CWE-295 Improper Certificate Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References