CVE-2025-12815

medium

Description

An ownership verification issue in the Virtual Desktop preview page in the Research and Engineering Studio (RES) on AWS before version 2025.09 may allow an authenticated remote user to view another user's active desktop session metadata, including periodical desktop preview screenshots. To mitigate this issue, users should upgrade to version 2025.09 or above.

References

https://github.com/aws/res/security/advisories/GHSA-x3cx-g8g9-75hv

https://aws.amazon.com/security/security-bulletins/AWS-2025-026/

https://aws.amazon.com/security/security-bulletins/rss/aws-2025-026/

https://github.com/aws/res/releases/tag/2025.09

Details

Source: Mitre, NVD

Published: 2025-11-06

Updated: 2025-11-06

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 4.3

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Severity: Medium

CVSS v4

Base Score: 5.3

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N

Severity: Medium

EPSS

EPSS: 0.00034