CVE-2025-12815

Sažetak

An ownership verification issue in the Virtual Desktop preview page in the Research and Engineering Studio (RES) on AWS before version 2025.09 may allow an authenticated remote user to view another user's active desktop session metadata, including periodical desktop preview screenshots. To mitigate this issue, users should upgrade to version 2025.09 or above.

Reference

https://aws.amazon.com/security/security-bulletins/AWS-2025-026/
https://github.com/aws/res/releases/tag/2025.09
https://github.com/aws/res/security/advisories/GHSA-x3cx-g8g9-75hv

CVSS

Base:	4.3
Impact:	1.4
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Zadnje važnije ažuriranje

06-11-2025 - 19:45

Objavljeno

06-11-2025 - 18:15