CVE-2025-12815
5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N
Summary
An ownership verification issue in the Virtual Desktop preview page in the Research and Engineering Studio (RES) on AWS before version 2025.09 may allow an authenticated remote user to view another user's active desktop session metadata, including periodical desktop preview screenshots.
To mitigate this issue, users should upgrade to version 2025.09 or above.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| AWS | Research and Engineering Studio (RES) | 2025.09 | unaffected |
Weaknesses
- CWE-283: CWE-283: Unverified Ownership
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://aws.amazon.com/security/security-bulletins/AWS-2025-026/
- https://github.com/aws/res/releases/tag/2025.09
- https://github.com/aws/res/security/advisories/GHSA-x3cx-g8g9-75hv
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.