Amazon Workspace Client for Linux Token Vulnerability Fixed in Version 2025.0
Summary : Amazon patched a vulnerability in the Linux version of its Workspace’s client that improperly handles authentication tokens in versions from 2023.0 through 2024.8.
| OEM | Amazon |
| Severity | High |
| CVSS Score | 8.8 |
| CVEs | CVE-2025-12779 |
| POC Available | No |
| Actively Exploited | No |
| Exploited in Wild | No |
| Advisory Version | 1.0 |
Overview
This flaw allows local users on the same machine such as in shared, multi-user environments to extract valid authentication tokens.
Often used to impersonate other users and gain unauthorized access to their virtual desktop sessions, exposing sensitive data and applications.
The issue does not allow remote exploitation, but it poses a significant risk in workplaces using shared Linux systems for Workspace’s access.
| Vulnerability Name | CVE ID | Product Affected | Severity | Fixed Version |
| Improper Authentication Token Handling in Amazon WorkSpaces Client | CVE-2025-12779 | Amazon WorkSpaces client for Linux | High | 2025.0 |
Technical Summary
The root cause lies in insecure management of authentication tokens, enabling token extraction by unintended local users. This vulnerability was assigned to high severity, prompting Amazon to issue a fix in the 2025.0 version of the client.
The update improves session isolation and secures token handling, protecting against lateral token theft.
Users and Administrators are strongly advised to upgrade promptly to avoid unauthorized access risks associated with multi-user Linux setups commonly found in corporate or virtual machine environments.
| CVE ID | Component Affected | Vulnerability Details | Impact |
| CVE-2025-12779 | Amazon WorkSpaces client for Linux (versions 2023.0 through 2024.8) | Local users on shared Linux machines can extract authentication tokens due to improper token handling, allowing them to access other users’ Workspaces. | Unauthorized access to another user’s workspace |
Recommendations
- Update the Amazon Workspace’s client for Linux immediately to version 2025.0 or later.
Conclusion:
This vulnerability highlights the criticality of robust token security in virtual desktop clients, especially for environments with shared access.
Amazon’s swift patch release underscores the need for continuous vigilance and timely updates to maintain secure remote workspace solutions and prevent privilege escalation through token leakage. Upgrading to the patched version effectively mitigates the exposure and secures user sessions.
References: