AWS Addresses Security Flaws in WorkSpaces, AppStream 2.0, and DCV


AWS has issued a critical security advisory for vulnerabilities in certain versions of its clients for Amazon WorkSpaces, AppStream 2.0, and NICE DCV, identified as CVE-2025-0500 and CVE-2025-0501. These vulnerabilities pose significant risks, prompting AWS to recommend immediate updates to safeguard user data.

All about the vulnerabilities

CVE-2025-0500

CVE-2025-0500 affects Amazon WorkSpaces and AppStream 2.0 users whose clients use the Amazon NICE DCV protocol. It could allow an attacker to carry out a man-in-the-middle attack and gain unauthorized access to remote WorkSpaces, AppStream, or DCV sessions.

Affected Versions and Recommended Updates

The vulnerability impacts the following versions:

  • Amazon WorkSpaces: Windows client 5.20.0 or earlier, macOS client 5.20.0 or earlier, Linux client 2024.1 or earlier.
  • Amazon AppStream 2.0: Windows client 1.1.1326 or earlier.
  • Amazon DCV: Windows client 2023.1.8993 or earlier, macOS client 2023.1.6203 or earlier, Linux client 2023.1.6203 or earlier.

AWS recommends upgrading to these versions or later:

  • Amazon WorkSpaces: Windows client 5.21.0 or later, macOS client 5.21.0 or later, Linux client 2024.2 or later.
  • Amazon AppStream 2.0: Windows client 1.1.1332 or later.
  • Amazon DCV: Windows client 2023.1.9127 or later, macOS client 2023.1.6703 or later, Linux client 2023.1.6703 or later.

CVE-2025-0501

CVE-2025-0501 affects Amazon WorkSpaces when using the Amazon PCoIP protocol.

Like CVE-2025-0500, this vulnerability allows attackers to perform man-in-the-middle attacks, potentially compromising remote WorkSpaces sessions.

Affected Versions:

  • Amazon WorkSpaces Windows client 5.22.0 or earlier
  • Amazon WorkSpaces macOS client 5.22.0 or earlier
  • Amazon WorkSpaces Linux client 2024.5 or earlier
  • Amazon WorkSpaces Android client 5.0.0 or earlier

Recommended Updates:

  • Amazon WorkSpaces Windows client 5.22.1 or later
  • Amazon WorkSpaces macOS client 5.22.1 or later
  • Amazon WorkSpaces Linux client 2024.6 or later
  • Amazon WorkSpaces Android client 5.0.1 or later
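
The two version lists above overlap for WorkSpaces: a client updated to 5.21.0 is fixed for CVE-2025-0500 but still affected by CVE-2025-0501. The following is an added example, not AWS code, that checks a client inventory against both lists. It assumes any version below a recommended minimum needs upgrading and, since an inventory rarely records the protocol in use, flags both CVEs for WorkSpaces; the inventory format and hostnames are made up.

```python
FIXED = {  # minimum fixed versions, copied from the advisory lists on this page
    ("workspaces", "windows"): {"CVE-2025-0500": "5.21.0", "CVE-2025-0501": "5.22.1"},
    ("workspaces", "macos"): {"CVE-2025-0500": "5.21.0", "CVE-2025-0501": "5.22.1"},
    ("workspaces", "linux"): {"CVE-2025-0500": "2024.2", "CVE-2025-0501": "2024.6"},
    ("workspaces", "android"): {"CVE-2025-0501": "5.0.1"},
    ("appstream", "windows"): {"CVE-2025-0500": "1.1.1332"},
    ("dcv", "windows"): {"CVE-2025-0500": "2023.1.9127"},
    ("dcv", "macos"): {"CVE-2025-0500": "2023.1.6703"},
    ("dcv", "linux"): {"CVE-2025-0500": "2023.1.6703"},
}

def parse_version(text):
    """'5.22.0' -> (5, 22, 0). Numeric parts avoid the string-compare bug '5.9' > '5.21'."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def is_older(installed, fixed):
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))  # pad the shorter tuple with zeros before comparing
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))

def exposed_cves(product, platform, installed):
    """CVE ids still unpatched for this client; None if the advisory does not list it."""
    fixes = FIXED.get((product.lower(), platform.lower()))
    if fixes is None:
        return None
    return sorted(cve for cve, fixed in fixes.items() if is_older(installed, fixed))

def audit(inventory):
    """Return (host, finding) pairs for rows that need an upgrade or a manual check."""
    findings = []
    for host, product, platform, version in inventory:
        try:
            cves = exposed_cves(product, platform, version)
        except ValueError:
            cves = ["UNKNOWN_VERSION"]  # unreadable version string: check by hand
        if cves:
            findings.append((host, ",".join(cves)))
    return findings

SAMPLE = [  # constructed inventory: hostnames and installed versions are made up
    ("ws-lt-01", "workspaces", "windows", "5.21.0"),  # fixed for DCV, not for PCoIP
    ("ws-lt-02", "workspaces", "windows", "5.9.3"),
    ("ws-mac-03", "workspaces", "macos", "5.22.1"),
    ("as-pc-04", "appstream", "windows", "1.1.1326"),
    ("ws-and-05", "workspaces", "android", "unknown"),
]
```

Calling `audit(SAMPLE)` lists every host except `ws-mac-03`, which already meets both minimums.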

Recommendations for AWS Users

AWS urges users to keep their software updated to protect sensitive data and maintain a secure environment. The company has notified customers about the end of support for affected versions and stressed the need for upgrades. Organizations should regularly implement updates, conduct vulnerability assessments, and stay informed through AWS advisories to ensure robust cloud security.


By | 2025-01-21T10:49:32+05:30 January 18th, 2025|BOTNET, Exploitation, Internet Security, Security Advisory, Security Update, Tips, vulnerability|

About the Author:

FirstHackersNews- Identifies Security
