CVE-2025-0500

EUVD-2025-1720
An issue in the native clients for Amazon WorkSpaces (when running Amazon DCV protocol), Amazon AppStream 2.0, and Amazon DCV Clients may allow an attacker to access remote sessions via man-in-the-middle.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
AMZNCNA
7.5 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
amazonworkspaces
5.0.0 ≤
𝑥
< 5.21.0
CNA
amazonworkspaces
2023.0 ≤
𝑥
< 2024.2
CNA
amazonworkspaces
1.1.1025 ≤
𝑥
< 1.1.1332
CNA
amazonworkspaces
𝑥
< 2023.1.6703
CNA
amazonworkspaces
2020.2.7459 ≤
𝑥
< 2023.1.9127
CNA
amazonworkspaces
5.5.0 ≤
𝑥
< 5.21.0
CNA
amazonworkspaces
2020.2.2078 ≤
𝑥
< 2023.1.6703
CNA
Common Weakness Enumeration
References
https://aws.amazon.com/security/security-bulletins/AWS-2025-001/
https://docs.aws.amazon.com/appstream2/latest/developerguide/client-release-versions.html
https://docs.aws.amazon.com/dcv/latest/adminguide/doc-history-release-notes.html#dcv-2023-1-16388jul
https://docs.aws.amazon.com/workspaces/latest/userguide/amazon-workspaces-linux-client.html#linux-release-notes
https://docs.aws.amazon.com/workspaces/latest/userguide/amazon-workspaces-osx-client.html#osx-release-notes
https://docs.aws.amazon.com/workspaces/latest/userguide/amazon-workspaces-windows-client.html#windows-release-notes