Category: Amazon
-
AWS Serverless Application Model Command Line Interface (SAM CLI) security vulnerability (CVE-2025-3047)
CVE-2025-3047 is a vulnerability identified in the AWS Serverless Application Model Command Line Interface (AWS SAM CLI). When the sam build process is executed with Docker and includes symbolic links (symlinks) in the build files, the container environment may allow unauthorized access to privileged files on the host system. An attacker could exploit this by…
-
Amazon WorkSpaces security vulnerability (CVE-2025-0501)
CVE-2025-0501 is a security vulnerability affecting native Amazon WorkSpaces clients that use the PCoIP protocol. The flaw is rooted in improper certificate validation (CWE-295), which can allow an attacker to conduct a man-in-the-middle (MITM) attack. If exploited, an adversary may intercept or manipulate remote WorkSpaces sessions, thereby gaining unauthorized access. Affected Versions: The vulnerability has…
-
Amazon WorkSpaces, AppStream 2.0 and DCV security vulnerability (CVE-2025-0500)
CVE-2025-0500 is a security vulnerability identified in specific versions of native clients for Amazon WorkSpaces (using the Amazon DCV protocol), Amazon AppStream 2.0, and Amazon DCV. This flaw could allow an attacker to perform a man-in-the-middle (MITM) attack, potentially granting unauthorized access to remote sessions. Affected Versions: Amazon has addressed this vulnerability in subsequent releases.…