Amazon Confirms WorkSpaces Linux Client Authentication Issue

ByDavey Winder,

Senior Contributor.

Although it is more common to see media headlines concerning dangers from hackers and scammers around the various Prime and Black Friday sales, Amazon Web Services does not escape unscathed. Outages caused by DNS, ransomware attacks that are supposedly impossible to recover from, or, most aptly right now, high-severity cloud security vulnerabilities have all had their day. And that day has come again, this time as Amazon confirms another security vulnerability impacting Linux WorkSpace client users that requires immediate action to address. Here’s what you need to know about CVE-2025-12779.

Amazon Web Services has issued a security bulletin, AWS-2025-025, that warns of an improper handling of Linux WorkSpaces authentication tokens.

“Under certain circumstances,” Amazon said, “an unintended user may be able to extract a valid authentication token from the client machine and access another user’s WorkSpace.” Yes, this is as bad as it sounds, and is why the vulnerability in question, CVE-2025-12779, very nearly hits critical status with an 8.8 Common Vulnerability Scoring System rating.

Amazon Confirms WorkSpaces Linux Client Authentication Issue

Related reading

Amazon CISO Confirms Hacker Exploit Used 2 Zero-Day Attacks

Amazon Web Services Experiencing More Connectivity Issues During Recovery From…

Linux cryptographic code flaw offers fast route to root

AWS outage live: Users report outages with Microsoft and Amazon Web Services

Amazon Web Services outage takes down major websites

Amazon Issues Attack Alert — 300 Million Customers Are At Risk Now