The flaw, tracked as CVE-2025-12779, creates a dangerous pathway for malicious local users to extract valid authentication tokens and gain unauthorized access to other users’ Workspace sessions.
AWS released security bulletin AWS-2025-025 on November 5, 2025, highlighting the severity of the issue and mandating immediate action from affected users.
The vulnerability stems from improper token management in the WorkSpaces client, specifically affecting versions 2023.0 through 2024.8.
| CVE ID | Impacted Products | Impacted Versions | CVSS Score | Resolution |
| CVE-2025-12779 | Amazon WorkSpaces client for Linux | 2023.0 through 2024.8 | Pending | Upgrade to 2025. |
When these vulnerable versions operate on shared Linux systems or multi-user environments, they inadvertently leave authentication tokens accessible to other local users.
An attacker with access to the same machine could exploit this weakness to extract these tokens and assume control over another user’s virtual workspace session, effectively gaining complete access to that individual’s private virtual environment and all associated resources.
The technical nature of this vulnerability represents a fundamental breach in desktop virtualization security.
Unlike traditional network-based attacks, this threat operates at the local system level, making it particularly dangerous in organizations where shared infrastructure or contractor access is common.
The exposed authentication tokens serve as valid credentials, bypassing standard security mechanisms and allowing attackers to establish legitimate sessions without triggering typical intrusion detection systems.
This means an attacker could potentially maintain persistent access to sensitive data, applications, and business systems within a compromised Workspace.
AWS has explicitly advised all users running the vulnerable versions to upgrade to version 2025.0 or newer without delay.
The company has ended support for these affected versions, effectively forcing organizations to undertake immediate remediation.
Users can obtain the patched version through the official Amazon WorkSpaces Client Download page.
Organizations should prioritize this update across their entire deployment, particularly in shared computing environments where multiple users access the same Linux systems.
Security teams should immediately audit their WorkSpaces deployments to identify instances running versions 2023.0 through 2024.8.
A comprehensive update strategy should be implemented across all affected systems, with priority given to high-risk environments such as shared workstations or systems handling sensitive data.
Additionally, organizations should review access logs to identify any suspicious token extraction attempts or unauthorized access to Workspaces during the vulnerable period.
Cyber Awareness Month Offer: Upskill With 100+ Premium Cybersecurity Courses From EHA's Diamond Membership: Join Today
The post Amazon WorkSpaces for Linux Vulnerability Allows Extraction of Valid Auth Tokens appeared first on Cyber Security News.
INDIANAPOLIS, IND. (WOWO) Indiana drivers could soon see higher fuel costs if a temporary tax…
INDIANAPOLIS, IND. (WOWO) Indiana officials say millions of dollars in unclaimed property remains available for…
COLUMBUS, OH (WOWO) A new national analysis projects that investor-owned utilities will invest about 1.4…
Concord’s police and fire departments are reporting a strong recovery in their ability to attract…
Blast Blade from Silent Bark games is a 3D platform fighter that puts you behind…
Community members are stocking up on essential supplies as Stateline residents are preparing for another…
This website uses cookies.