CVE-2025-0500 is a security vulnerability identified in specific versions of native clients for Amazon WorkSpaces (using the Amazon DCV protocol), Amazon AppStream 2.0, and Amazon DCV. This flaw could allow an attacker to perform a man-in-the-middle (MITM) attack, potentially granting unauthorized access to remote sessions.
Affected Versions:
- Amazon WorkSpaces Clients:
- Windows: Versions 5.20.0 and earlier
- macOS: Versions 5.20.0 and earlier
- Linux: Versions 2024.1 and earlier
- Amazon AppStream 2.0 Windows Client:
- Versions 1.1.1326 and earlier
- Amazon DCV Clients:
- Windows: Versions 2023.1.8993 and earlier
- macOS: Versions 2023.1.6203 and earlier
- Linux: Versions 2023.1.6203 and earlier
Amazon has addressed this vulnerability in subsequent releases. Users are strongly encouraged to update to the following versions or later:
- Amazon WorkSpaces Clients:
- Windows: Version 5.21.0
- macOS: Version 5.21.0
- Linux: Version 2024.2
- Amazon AppStream 2.0 Windows Client:
- Version 1.1.1332
- Amazon DCV Clients:
- Windows: Version 2023.1.9127
- macOS: Version 2023.1.6703
- Linux: Version 2023.1.6703
See more details on: