CVE-2025-12815

CVSS 5.3 MEDIUMEPSS 0.3%CWE-283

An ownership verification issue in the Virtual Desktop preview page in the Research and Engineering Studio (RES) on AWS before version 2025.09 may allow an authenticated remote user to view another user's active desktop session metadata, including periodical desktop preview screenshots. To mitigate this issue, users should upgrade to version 2025.09 or above.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N

Affected products

AWS · Research and Engineering Studio (RES)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://aws.amazon.com/security/security-bulletins/AWS-2025-026/https://github.com/aws/res/releases/tag/2025.09 https://github.com/aws/res/security/advisories/GHSA-x3cx-g8g9-75hv