Amazon Workspaces For Linux Vulnerability Let Attackers Extract...

Amazon has disclosed a significant security vulnerability in its WorkSpaces client for Linux that could allow unauthorized users to extract valid authentication tokens and access other users’ WorkSpaces.

The vulnerability, tracked as CVE-2025-12779, affects multiple client versions and poses a direct threat to organizations relying on Amazon’s desktop-as-a-service platform for remote work infrastructure.

The improper handling of authentication tokens in the Amazon WorkSpaces client for Linux versions 2023.0 through 2024.8 creates a window of opportunity for attackers with local machine access.

Under specific conditions, an unintended user on the same client machine can extract valid DCV-based WorkSpace authentication tokens.

This vulnerability bypasses the authentication layer that separates individual WorkSpace sessions, potentially exposing sensitive business data and confidential user information to lateral movement attacks.

The token extraction vulnerability represents a critical oversight in credential protection mechanisms.

While WorkSpaces employs multiple security layers for cloud access, the client-side token handling failed to maintain proper isolation between local users.

This means that any user with command-line access or system-level permissions on a shared client machine could retrieve the authentication credentials of other users working on the same hardware.

The vulnerability specifically affects organizations using DCV-based WorkSpaces with the affected Linux client versions.

This encompasses enterprises that have deployed WorkSpaces across Linux-based infrastructure or hybrid environments where Linux clients are primary access points.
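The following triage sketch is an added example, not code from Amazon or from the original article. It flags hosts whose client version falls in the stated 2023.0 through 2024.8 range and ranks shared machines first, since the exposure requires another local user on the same client. The inventory format, hostnames and version strings are constructed, and the `year.minor.build` version layout is an assumption.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Affected range as stated in the article (inclusive): 2023.0 through 2024.8.
AFFECTED_MIN = (2023, 0)
AFFECTED_MAX = (2024, 8)
RANK = {"high": 0, "medium": 1, "review": 2}

class Finding(NamedTuple):
    host: str
    version: str
    local_users: int
    priority: str  # high = affected + shared host, medium = affected, review = unparseable

def parse_release(version: str) -> Optional[Tuple[int, int]]:
    """Return (year, minor) from e.g. '2024.8.5130' (assumed layout), else None."""
    m = re.match(r"^(\d{4})\.(\d+)(?:[.\-+~].*)?$", version.strip())
    return (int(m.group(1)), int(m.group(2))) if m else None

def is_affected(version: str) -> bool:
    rel = parse_release(version)
    return rel is not None and AFFECTED_MIN <= rel <= AFFECTED_MAX

def triage(inventory: str) -> List[Finding]:
    """Parse 'host, client_version, local_user_count' lines into ranked findings."""
    findings = []
    for raw in inventory.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        host, version, users = (f.strip() for f in line.split(","))
        if parse_release(version) is None:
            priority = "review"   # unknown version: cannot rule the host out
        elif not is_affected(version):
            continue              # outside the range the article lists
        else:
            # More than one local account means another user shares the client.
            priority = "high" if int(users) > 1 else "medium"
        findings.append(Finding(host, version, int(users), priority))
    return sorted(findings, key=lambda f: (RANK[f.priority], f.host))

# Constructed sample inventory (not real hosts or real build numbers).
SAMPLE_INVENTORY = """
# host, client_version, local_user_count
kiosk-01, 2024.8.5130, 4
dev-17, 2023.0.4395, 1
lab-02, 2022.4.100, 3
front-desk, 2025.0.1, 2
build-09, unknown, 2
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_INVENTORY):
        print(f"{f.priority:<6} {f.host:<10} {f.version} users={f.local_users}")
```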

CVE Details

Severity: CRITICAL
Affected Product: Linux
Attack Vector: local