Amazon WorkSpaces for Linux Vulnerability Exposes Authentication Tokens (CVE-2025-12779)


Amazon has disclosed a significant security vulnerability in its WorkSpaces client for Linux, tracked as CVE-2025-12779, that could let unauthorized users extract valid authentication tokens and access other users’ WorkSpaces.

The flaw affects multiple versions of the WorkSpaces Linux client and poses a severe risk to organizations relying on Amazon’s Desktop-as-a-Service (DaaS) platform for remote work.

Improper Token Handling Creates Security Risk

The vulnerability stems from improper handling of authentication tokens in the Amazon WorkSpaces client for Linux versions 2023.0 through 2024.8.

Under certain conditions, a user on the same machine could extract valid DCV-based authentication tokens, bypassing the intended authentication layer that isolates individual WorkSpaces sessions.

This flaw exposes sensitive business data and opens the door for lateral movement attacks within shared environments.

While Amazon WorkSpaces implements multiple cloud-side security layers, this client-side oversight in token management compromised the isolation of credentials between local user sessions.

Anyone with command-line or system-level access on a shared Linux machine could theoretically retrieve another user’s WorkSpaces authentication tokens and gain unauthorized access.

 

Vulnerability Details

 

Attribute            Details
CVE ID               CVE-2025-12779
Component            Amazon WorkSpaces Client for Linux
Vulnerability Type   Improper Authentication Token Handling
Affected Versions    2023.0 through 2024.8

 

This vulnerability specifically impacts WorkSpaces that use DCV, a protocol Amazon uses for secure remote desktop streaming.

Organizations using Linux clients as primary access points or part of hybrid infrastructure setups are most at risk.

The exposure window covers nearly two years of client releases, which means many organizations may still be running unpatched versions.

Scope and Impact Assessment

Amazon has taken a proactive stance by notifying customers about this vulnerability and the end-of-support timeline for the affected client versions.

This demonstrates AWS’s commitment to addressing the issue swiftly. However, enterprises running legacy or widely distributed deployments could find it challenging to roll out patches quickly across all endpoints.

To mitigate the risk, organizations should:

  • Upgrade to the latest Amazon WorkSpaces client for Linux immediately.

  • Limit shared machine usage and enforce stricter local user permissions.

  • Review authentication logs for suspicious access activity.

  • Implement endpoint monitoring to detect token-related anomalies.
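To support the upgrade step, the following added example (not code from AWS or from this article) triages an endpoint inventory against the affected range stated above, 2023.0 through 2024.8. The `hostname,version` row format, the hostnames and the build numbers are constructed assumptions; feed it whatever your package inventory exports.

```python
import re

# Affected range as stated in the article: 2023.0 through 2024.8, inclusive.
AFFECTED_MIN = (2023, 0)
AFFECTED_MAX = (2024, 8)

# Optional package epoch ("1:"), then major.minor, then any build/revision suffix.
_VERSION_RE = re.compile(r"^(?:\d+:)?(\d+)\.(\d+)(?:[.+~-].*)?$")


def parse_major_minor(version):
    """Return (major, minor) as ints, or None if the string is not a version."""
    match = _VERSION_RE.match(version.strip())
    return (int(match.group(1)), int(match.group(2))) if match else None


def classify(version):
    """Numeric comparison, so 2024.10 sorts after 2024.8 (string compare would not)."""
    parsed = parse_major_minor(version)
    if parsed is None:
        return "unknown"  # unparsable: needs manual review, never assumed safe
    if AFFECTED_MIN <= parsed <= AFFECTED_MAX:
        return "affected"
    return "outside-range"


def triage(rows):
    """Group hosts by status from 'hostname,version' inventory rows."""
    report = {"affected": [], "outside-range": [], "unknown": []}
    for row in rows:
        host, _, version = row.partition(",")
        report[classify(version)].append(host.strip())
    return report


# Constructed inventory: hostnames and build numbers are made up for illustration.
SAMPLE_INVENTORY = [
    "kiosk-01,2023.0.4395",
    "kiosk-02,2024.8.5130",
    "dev-07,1:2023.2.4580-1",
    "dev-08,2024.10.1",
    "lab-03,2025.0.5200",
    "lab-04,not installed",
    "lab-05,",
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as `unknown` should be checked by hand rather than treated as patched.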

Conclusion

The discovery of CVE-2025-12779 highlights the importance of client-side security in cloud-based virtual desktop environments.

Even when the cloud infrastructure is robust, local vulnerabilities can create serious risks if overlooked.

Enterprises using Amazon WorkSpaces for Linux should update affected clients without delay to prevent unauthorized access and maintain a secure remote work environment.
