Amazon Net Providers (AWS) has issued a important safety advisory highlighting vulnerabilities in particular variations of its native purchasers for Amazon WorkSpaces, Amazon AppStream 2.0, and Amazon NICE DCV.
Recognized as CVE-2025-0500 and CVE-2025-0501, these vulnerabilities current important dangers, compelling AWS to advocate pressing updates to guard person knowledge.
Overview of the Vulnerabilities
CVE-2025-0500
CVE-2025-0500 impacts customers of Amazon WorkSpaces and Amazon AppStream 2.0 when using the Amazon NICE DCV protocol.
This vulnerability may permit malicious actors to execute man-in-the-middle assaults, enabling unauthorized entry to distant WorkSpaces, AppStream, or DCV classes.
Examine Actual-World Malicious Hyperlinks & Phishing Assaults With Risk Intelligence Lookup - Attempt for Free
The variations affected by this vulnerability embody Amazon WorkSpaces Home windows consumer 5.20.0 or earlier, macOS consumer 5.20.0 or earlier, and Linux consumer 2024.1 or earlier.
Moreover, the vulnerability impacts the Amazon AppStream 2.0 Home windows consumer model 1.1.1326 or earlier, in addition to Amazon DCV Home windows consumer model 2023.1.8993 or earlier, macOS consumer model 2023.1.6203 or earlier, and Linux consumer model 2023.1.6203 or earlier for all supported distributions.
To deal with this vulnerability, AWS recommends that customers improve to the next variations or later: Amazon WorkSpaces Home windows consumer 5.21.0 or later, macOS consumer 5.21.0 or later, and Linux consumer 2024.2 or later.
For Amazon AppStream 2.0, customers ought to replace to Home windows consumer model 1.1.1332 or later.
For Amazon DCV, the really helpful updates are Home windows consumer model 2023.1.9127 or later, macOS consumer model 2023.1.6703 or later, and Linux consumer model 2023.1.6703 or later for all supported distributions.
CVE-2025-0501
The second vulnerability, CVE-2025-0501, applies particularly to Amazon WorkSpaces when utilizing the Amazon PCoIP protocol.
Just like CVE-2025-0500, this concern may allow attackers to carry out man-in-the-middle assaults, compromising distant WorkSpaces classes.
Affected variations for this vulnerability embody Amazon WorkSpaces Home windows consumer 5.22.0 or earlier, macOS consumer 5.22.0 or earlier, Linux consumer 2024.5 or earlier, and Android consumer 5.0.0 or earlier.
To mitigate the dangers related to CVE-2025-0501, customers are suggested to improve to the next variations or later: Amazon WorkSpaces Home windows consumer 5.22.1 or later, macOS consumer 5.22.1 or later, Linux consumer 2024.6 or later, and Android consumer 5.0.1 or later.
Suggestions for AWS Customers
In gentle of those vulnerabilities, AWS emphasizes the important significance of sustaining up to date software program variations to guard delicate knowledge and guarantee a safe working surroundings.
The corporate has proactively communicated with its clients relating to the top of help for the affected variations, reinforcing the urgency for customers to improve.
Organizations using AWS companies ought to undertake greatest practices by usually implementing updates and conducting vulnerability assessments.
Staying knowledgeable by AWS advisories and safety bulletins is important for sustaining strong safety postures in cloud environments.
Making certain that every one purchasers function on supported variations won’t solely assist mitigate potential dangers but in addition improve total safety protocols inside the group.
Integrating Utility Safety into Your CI/CD Workflows Utilizing Jenkins & Jira -> Free Webinar