CVE-2025-12815

Summary

An ownership verification issue in the Virtual Desktop preview page in the Research and Engineering Studio (RES) on AWS before version 2025.09 may allow an authenticated remote user to view another user's active desktop session metadata, including periodical desktop preview screenshots.

To mitigate this issue, users should upgrade to version 2025.09 or above.

Affected Software

VendorProductVersion RangeStatus
AWSResearch and Engineering Studio (RES)2025.09unaffected

Weaknesses

  • CWE-283: CWE-283: Unverified Ownership

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References