Summary: Amazon has issued a security advisory for two critical vulnerabilities (CVE-2025-0500 and CVE-2025-0501) affecting its native clients for Amazon WorkSpaces, AppStream 2.0, and DCV, with a CVSSv4 score of 7.7. These vulnerabilities could enable attackers to execute man-in-the-middle (MITM) attacks, potentially granting unauthorized access to remote sessions. Users are urged to update to the latest patched versions to mitigate these risks.
Threat Actor: Unknown | unknown
Victim: Amazon | Amazon
Keypoints :
- Vulnerabilities CVE-2025-0500 and CVE-2025-0501 allow for potential MITM attacks.
- Affected versions include various clients for Amazon WorkSpaces, AppStream 2.0, and DCV.
- Amazon has released patched versions and users are strongly encouraged to update.
Source: https://securityonline.info/aws-patches-vulnerabilities-in-workspaces-appstream-2-0-and-dcv-clients/