CVE-2025-12815_CVE-2025-12815

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N

Description

An ownership verification issue in the Virtual Desktop preview page in the Research and Engineering Studio (RES) on AWS before version 2025.09 may allow an authenticated remote user to view another user's active desktop session metadata, including periodical desktop preview screenshots.

To mitigate this issue, users should upgrade to version 2025.09 or above.

Basic Information

ID CVE-2025-12815

Source AMZN

Published Nov 6, 2025 at 17:10

Modified Nov 6, 2025 at 17:40

Affected Product

Vendor AWS

Product Research and Engineering Studio (RES)

Version 2025.09

CWE Classification

CWE-283

References

{
    "lastseen": "",
    "description": "An ownership verification issue in the Virtual Desktop preview page in the Research and Engineering Studio (RES) on AWS before version 2025.09 may allow an authenticated remote user to view another user's active desktop session metadata, including periodical desktop preview screenshots. \n\nTo mitigate this issue, users should upgrade to version 2025.09 or above.",
    "published": "2025-11-06T17:10:34.559Z",
    "modified": "2025-11-06T17:40:11.560Z",
    "type": "cve",
    "title": "CVE-2025-12815",
    "source": "AMZN",
    "references": "https://aws.amazon.com/security/security-bulletins/AWS-2025-026/\nhttps://github.com/aws/res/releases/tag/2025.09\nhttps://github.com/aws/res/security/advisories/GHSA-x3cx-g8g9-75hv",
    "id": "CVE-2025-12815",
    "bulletinFamily": "",
    "cwe": [
        "CWE-283"
    ],
    "cvelist": null,
    "sourceData": "",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Research and Engineering Studio (RES)",
    "version": "2025.09",
    "vendor": "AWS",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}