CVE-2025-12815

CVSS 5.3 MEDIUMEPSS 0.3%CWE-283

An ownership verification issue in the Virtual Desktop preview page in the Research and Engineering Studio (RES) on AWS before version 2025.09 may allow an authenticated remote user to view another user's active desktop session metadata, including periodical desktop preview screenshots. To mitigate this issue, users should upgrade to version 2025.09 or above.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N

Produtos afetados

AWS · Research and Engineering Studio (RES)

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://aws.amazon.com/security/security-bulletins/AWS-2025-026/https://github.com/aws/res/releases/tag/2025.09 https://github.com/aws/res/security/advisories/GHSA-x3cx-g8g9-75hv