Amazon has disclosed a significant security vulnerability in its WorkSpaces client for Linux that could allow unauthorized users to extract valid authentication tokens and gain unauthorized access to other users’ WorkSpaces.
The vulnerability, tracked as CVE-2025-12779, affects multiple client versions and poses a direct threat to organizations relying on Amazon’s desktop-as-a-service platform for remote work infrastructure.
The improper handling of authentication tokens in the Amazon WorkSpaces client for Linux versions 2023.0 through 2024.8 creates a window of opportunity for attackers with local machine access.
Improper Token Handling Creates Security Risk
Under specific conditions, an unintended user on the same client machine can extract valid DCV-based Workspace authentication tokens.
This vulnerability bypasses the authentication layer that separates individual Workspace sessions, potentially exposing sensitive business data and confidential user information to lateral movement attacks.
The token extraction vulnerability represents a critical oversight in credential protection mechanisms.
While WorkSpaces employs multiple security layers for cloud access, the client-side token handling failed to maintain proper isolation between local users.
This means that any user with command-line access or system-level permissions on a shared client machine could retrieve the authentication credentials of other users running on the same hardware.
The vulnerability targets explicitly organizations utilizing DCV-based WorkSpaces with the affected Linux client versions.
| Attribute | Details |
|---|---|
| CVE ID | CVE-2025-12779 |
| Component | Amazon WorkSpaces Client for Linux |
| Vulnerability Type | Improper Authentication Token Handling |
| Affected Versions | 2023.0 through 2024.8 |
This encompasses enterprises that have deployed WorkSpaces across Linux-based infrastructure or hybrid environments where Linux clients are primary access points.
The exposure window covers approximately two years of client releases, affecting a substantial user base that may not have actively updated their installations.
Scope and Impact Assessment
Amazon has proactively engaged with customers affected by this vulnerability, notifying them of the end-of-support timeline for impacted versions.
This communication strategy demonstrates AWS’s commitment to addressing the security gap. However, organizations with legacy client deployments may face challenges in rapid remediation across their user base.
Amazon resolved CVE-2025-12779 in the Amazon WorkSpaces client for Linux version 2025.0 and later releases. Organizations running any version between 2023.0 and 2024.8 should prioritize upgrading immediately.
The updated client is available through the Amazon WorkSpaces Client Download page, where IT teams can retrieve the latest version for enterprise deployment.
Security teams should conduct immediate inventory assessments to identify all Linux WorkSpaces clients currently deployed in their environment.
Organizations with multiple client installations across distributed teams should develop a phased upgrade strategy to minimize disruption while ensuring timely remediation.
This vulnerability underscores the importance of keeping software up to date and establishing regular patch management cycles for remote access infrastructure.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
