Vulnerability Management, Cloud Security

Amazon WorkSpaces for Linux flaw poses token theft risk

Amazon WorkSpaces for Linux has been impacted by an important improper token handling flaw, tracked as CVE-2025-12779, which could be abused to facilitate authentication token compromise, The Cyber Express reports.

Acquisition of valid authentication tokens from the Amazon WorkSpaces client for Linux versions 2023.0 to 2024.8 could then allow threat actors to infiltrate other WorkSpace instances as authenticated users, ensuring persistence in the compromised system, according to AWS.

AWS has already begun deprecating the use of vulnerable WorkSpaces for Linux to encourage an upgrade to version 2025.0, which addresses the flaw. Moreover, organizations have been advised to audit for use of older WorkSpaces for Linux versions, to prioritize updates for environments where the same Linux systems are accessed by numerous users, and to examine access logs for atypical login activity or unapproved token extraction activities.
