CVE-2025-0500

Опубликовано: 15 янв. 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

An issue in the native clients for Amazon WorkSpaces (when running Amazon DCV protocol), Amazon AppStream 2.0, and Amazon DCV Clients may allow an attacker to access remote sessions via man-in-the-middle.

Ссылки

https://aws.amazon.com/security/security-bulletins/AWS-2025-001/
https://docs.aws.amazon.com/appstream2/latest/developerguide/client-release-versions.html
https://docs.aws.amazon.com/dcv/latest/adminguide/doc-history-release-notes.html#dcv-2023-1-16388jul
https://docs.aws.amazon.com/workspaces/latest/userguide/amazon-workspaces-linux-client.html#linux-release-notes
https://docs.aws.amazon.com/workspaces/latest/userguide/amazon-workspaces-osx-client.html#osx-release-notes
https://docs.aws.amazon.com/workspaces/latest/userguide/amazon-workspaces-windows-client.html#windows-release-notes

EPSS

Процентиль: 53%

0.00304

Низкий

7.5 High

CVSS3

Дефекты

CWE-295

Связанные уязвимости

GHSA-99ph-c47h-7pf8