
Description

An ownership verification issue in the Virtual Desktop preview page in the Research and Engineering Studio (RES) on AWS before version 2025.09 may allow an authenticated remote user to view another user's active desktop session metadata, including periodical desktop preview screenshots. To mitigate this issue, users should upgrade to version 2025.09 or above.

PUBLISHED Reserved 2025-11-06 | Published 2025-11-06 | Updated 2025-11-06 | Assigner AMZN




MEDIUM: 5.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N)

MEDIUM: 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Problem types

CWE-283: Unverified Ownership

Product status

Default status: unaffected

2025.09: unaffected

References

aws.amazon.com/security/security-bulletins/AWS-2025-026/ vendor-advisory

github.com/aws/res/releases/tag/2025.09 patch

github.com/aws/res/security/advisories/GHSA-x3cx-g8g9-75hv vendor-advisory

cve.org (CVE-2025-12815)

nvd.nist.gov (CVE-2025-12815)
