CVE-2025-0500

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

n issue in the native clients for Amazon WorkSpaces (when running Amazon DCV protocol), Amazon AppStream 2.0, and Amazon DCV Clients may allow an attacker to access remote sessions via man-in-the-middle.

References

Link	Resource
https://aws.amazon.com/security/security-bulletins/AWS-2025-001/
https://docs.aws.amazon.com/appstream2/latest/developerguide/client-release-versions.html
https://docs.aws.amazon.com/dcv/latest/adminguide/doc-history-release-notes.html#dcv-2023-1-16388jul
https://docs.aws.amazon.com/workspaces/latest/userguide/amazon-workspaces-linux-client.html#linux-release-notes
https://docs.aws.amazon.com/workspaces/latest/userguide/amazon-workspaces-osx-client.html#osx-release-notes
https://docs.aws.amazon.com/workspaces/latest/userguide/amazon-workspaces-windows-client.html#windows-release-notes

Configurations

No configuration.

History

14 Oct 2025, 19:15

Type	Values Removed	Values Added
References		() https://docs.aws.amazon.com/appstream2/latest/developerguide/client-release-versions.html - () https://docs.aws.amazon.com/dcv/latest/adminguide/doc-history-release-notes.html#dcv-2023-1-16388jul - () https://docs.aws.amazon.com/workspaces/latest/userguide/amazon-workspaces-linux-client.html#linux-release-notes - () https://docs.aws.amazon.com/workspaces/latest/userguide/amazon-workspaces-osx-client.html#osx-release-notes - () https://docs.aws.amazon.com/workspaces/latest/userguide/amazon-workspaces-windows-client.html#windows-release-notes -

29 Jan 2025, 19:15

Type	Values Removed	Values Added
Summary		(es) Un problema en los clientes nativos de Amazon WorkSpaces, Amazon AppStream 2.0 y Amazon DCV Clients puede permitir que un atacante acceda a sesiones remotas a través de un man-in-the-middle.
Summary	~~(en) An issue in the native clients for Amazon WorkSpaces, Amazon AppStream 2.0, and Amazon DCV Clients may allow an attacker to access remote sessions via man-in-the-middle.~~	(en) An issue in the native clients for Amazon WorkSpaces (when running Amazon DCV protocol), Amazon AppStream 2.0, and Amazon DCV Clients may allow an attacker to access remote sessions via man-in-the-middle.

15 Jan 2025, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-15 19:15

Updated : 2025-10-14 19:15

NVD link : CVE-2025-0500

Mitre link : CVE-2025-0500

CVE.ORG link : CVE-2025-0500

JSON object : View

Products Affected

No product.

CWE

CWE-295

Improper Certificate Validation

7.5 /10