CVE-2025-0501 is a security vulnerability affecting native Amazon WorkSpaces clients that use the PCoIP protocol. The flaw is rooted in improper certificate validation (CWE-295), which can allow an attacker to conduct a manโinโtheโmiddle (MITM) attack. If exploited, an adversary may intercept or manipulate remote WorkSpaces sessions, thereby gaining unauthorized access.
Affected Versions:
- Amazon WorkSpaces Clients:
- Windows: Versions 5.22.0 or earlier
- macOS: Versions 5.22.0 or earlier
- Linux: Versions 2024.5 or earlier
- Android: Versions 5.0.0 or earlier
The vulnerability has been addressed by Amazon. Users are strongly encouraged to update to the following versions or later:
- Amazon WorkSpaces Clients:
- Windows: Version 5.22.1 or later
- macOS: Version 5.22.1 or later
- Linux: Version 2024.6 or later
- Android: Version 5.0.1 or later
See more details on: