← volver
CVE-2025-12815

CVE-2025-12815

CVSS 5.3 MEDIUMEPSS 0.3%CWE-283
An ownership verification issue in the Virtual Desktop preview page in the Research and Engineering Studio (RES) on AWS before version 2025.09 may allow an authenticated remote user to view another user's active desktop session metadata, including periodical desktop preview screenshots. To mitigate this issue, users should upgrade to version 2025.09 or above.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N
Productos afectados
AWS · Research and Engineering Studio (RES)

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://aws.amazon.com/security/security-bulletins/AWS-2025-026/https://github.com/aws/res/releases/tag/2025.09https://github.com/aws/res/security/advisories/GHSA-x3cx-g8g9-75hv