Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for DCV Client by Amazon
CVE-2025-0500 (GCVE-0-2025-0500)
Vulnerability from cvelistv5 – Published: 2025-01-15 18:20 – Updated: 2025-10-14 18:54
VLAI
Title
Issue affecting Amazon WorkSpaces (when running Amazon DCV protocol), Amazon AppStream 2.0, and Amazon DCV clients
Summary
An issue in the native clients for Amazon WorkSpaces (when running Amazon DCV protocol), Amazon AppStream 2.0, and Amazon DCV Clients may allow an attacker to access remote sessions via man-in-the-middle.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://aws.amazon.com/security/security-bulletin… | vendor-advisory |
| https://docs.aws.amazon.com/workspaces/latest/use… | patchrelease-notes |
| https://docs.aws.amazon.com/workspaces/latest/use… | patchrelease-notes |
| https://docs.aws.amazon.com/workspaces/latest/use… | patchrelease-notes |
| https://docs.aws.amazon.com/appstream2/latest/dev… | patchrelease-notes |
| https://docs.aws.amazon.com/dcv/latest/adminguide… | patchrelease-notes |
Impacted products
7 products
| Vendor | Product | Version | |
|---|---|---|---|
| Amazon | WorkSpaces Client |
Affected:
5.0.0 , < 5.21.0
(semver)
|
|
| Amazon | WorkSpaces Client |
Affected:
2023.0 , < 2024.2
(semver)
|
|
| Amazon | AppStream 2.0 Client |
Affected:
1.1.1025 , < 1.1.1332
(semver)
|
|
| Amazon | DCV Client |
Affected:
0 , < 2023.1.6703
(semver)
|
|
| Amazon | DCV Client |
Affected:
2020.2.7459 , < 2023.1.9127
(semver)
|
|
| Amazon | WorkSpaces Client |
Affected:
5.5.0 , < 5.21.0
(semver)
|
|
| Amazon | DCV Client |
Affected:
2020.2.2078 , < 2023.1.6703
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0500",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-15T19:16:44.671374Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T20:31:20.031Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "WorkSpaces Client",
"vendor": "Amazon",
"versions": [
{
"lessThan": "5.21.0",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "WorkSpaces Client",
"vendor": "Amazon",
"versions": [
{
"lessThan": "2024.2",
"status": "affected",
"version": "2023.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "AppStream 2.0 Client",
"vendor": "Amazon",
"versions": [
{
"lessThan": "1.1.1332",
"status": "affected",
"version": "1.1.1025",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "DCV Client",
"vendor": "Amazon",
"versions": [
{
"lessThan": "2023.1.6703",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "DCV Client",
"vendor": "Amazon",
"versions": [
{
"lessThan": "2023.1.9127",
"status": "affected",
"version": "2020.2.7459",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS"
],
"product": "WorkSpaces Client",
"vendor": "Amazon",
"versions": [
{
"lessThan": "5.21.0",
"status": "affected",
"version": "5.5.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS"
],
"product": "DCV Client",
"vendor": "Amazon",
"versions": [
{
"lessThan": "2023.1.6703",
"status": "affected",
"version": "2020.2.2078",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An issue in the native clients for Amazon WorkSpaces (when running Amazon DCV protocol), Amazon AppStream 2.0, and Amazon DCV Clients may allow an attacker to access remote sessions via man-in-the-middle."
}
],
"value": "An issue in the native clients for Amazon WorkSpaces (when running Amazon DCV protocol), Amazon AppStream 2.0, and Amazon DCV Clients may allow an attacker to access remote sessions via man-in-the-middle."
}
],
"impacts": [
{
"capecId": "CAPEC-94",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-94 Adversary in the Middle (AiTM)"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T18:54:46.403Z",
"orgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
"shortName": "AMZN"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://aws.amazon.com/security/security-bulletins/AWS-2025-001/"
},
{
"tags": [
"patch",
"release-notes"
],
"url": "https://docs.aws.amazon.com/workspaces/latest/userguide/amazon-workspaces-windows-client.html#windows-release-notes"
},
{
"tags": [
"patch",
"release-notes"
],
"url": "https://docs.aws.amazon.com/workspaces/latest/userguide/amazon-workspaces-osx-client.html#osx-release-notes"
},
{
"tags": [
"patch",
"release-notes"
],
"url": "https://docs.aws.amazon.com/workspaces/latest/userguide/amazon-workspaces-linux-client.html#linux-release-notes"
},
{
"tags": [
"patch",
"release-notes"
],
"url": "https://docs.aws.amazon.com/appstream2/latest/developerguide/client-release-versions.html"
},
{
"tags": [
"patch",
"release-notes"
],
"url": "https://docs.aws.amazon.com/dcv/latest/adminguide/doc-history-release-notes.html#dcv-2023-1-16388jul"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Issue affecting Amazon WorkSpaces (when running Amazon DCV protocol), Amazon AppStream 2.0, and Amazon DCV clients",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
"assignerShortName": "AMZN",
"cveId": "CVE-2025-0500",
"datePublished": "2025-01-15T18:20:33.468Z",
"dateReserved": "2025-01-15T17:34:09.099Z",
"dateUpdated": "2025-10-14T18:54:46.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0500 (GCVE-0-2025-0500)
Vulnerability from nvd – Published: 2025-01-15 18:20 – Updated: 2025-10-14 18:54
VLAI
Title
Issue affecting Amazon WorkSpaces (when running Amazon DCV protocol), Amazon AppStream 2.0, and Amazon DCV clients
Summary
An issue in the native clients for Amazon WorkSpaces (when running Amazon DCV protocol), Amazon AppStream 2.0, and Amazon DCV Clients may allow an attacker to access remote sessions via man-in-the-middle.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-295 - Improper Certificate Validation
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://aws.amazon.com/security/security-bulletin… | vendor-advisory |
| https://docs.aws.amazon.com/workspaces/latest/use… | patchrelease-notes |
| https://docs.aws.amazon.com/workspaces/latest/use… | patchrelease-notes |
| https://docs.aws.amazon.com/workspaces/latest/use… | patchrelease-notes |
| https://docs.aws.amazon.com/appstream2/latest/dev… | patchrelease-notes |
| https://docs.aws.amazon.com/dcv/latest/adminguide… | patchrelease-notes |
Impacted products
7 products
| Vendor | Product | Version | |
|---|---|---|---|
| Amazon | WorkSpaces Client |
Affected:
5.0.0 , < 5.21.0
(semver)
|
|
| Amazon | WorkSpaces Client |
Affected:
2023.0 , < 2024.2
(semver)
|
|
| Amazon | AppStream 2.0 Client |
Affected:
1.1.1025 , < 1.1.1332
(semver)
|
|
| Amazon | DCV Client |
Affected:
0 , < 2023.1.6703
(semver)
|
|
| Amazon | DCV Client |
Affected:
2020.2.7459 , < 2023.1.9127
(semver)
|
|
| Amazon | WorkSpaces Client |
Affected:
5.5.0 , < 5.21.0
(semver)
|
|
| Amazon | DCV Client |
Affected:
2020.2.2078 , < 2023.1.6703
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0500",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-15T19:16:44.671374Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T20:31:20.031Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "WorkSpaces Client",
"vendor": "Amazon",
"versions": [
{
"lessThan": "5.21.0",
"status": "affected",
"version": "5.0.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "WorkSpaces Client",
"vendor": "Amazon",
"versions": [
{
"lessThan": "2024.2",
"status": "affected",
"version": "2023.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "AppStream 2.0 Client",
"vendor": "Amazon",
"versions": [
{
"lessThan": "1.1.1332",
"status": "affected",
"version": "1.1.1025",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux"
],
"product": "DCV Client",
"vendor": "Amazon",
"versions": [
{
"lessThan": "2023.1.6703",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "DCV Client",
"vendor": "Amazon",
"versions": [
{
"lessThan": "2023.1.9127",
"status": "affected",
"version": "2020.2.7459",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS"
],
"product": "WorkSpaces Client",
"vendor": "Amazon",
"versions": [
{
"lessThan": "5.21.0",
"status": "affected",
"version": "5.5.0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS"
],
"product": "DCV Client",
"vendor": "Amazon",
"versions": [
{
"lessThan": "2023.1.6703",
"status": "affected",
"version": "2020.2.2078",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An issue in the native clients for Amazon WorkSpaces (when running Amazon DCV protocol), Amazon AppStream 2.0, and Amazon DCV Clients may allow an attacker to access remote sessions via man-in-the-middle."
}
],
"value": "An issue in the native clients for Amazon WorkSpaces (when running Amazon DCV protocol), Amazon AppStream 2.0, and Amazon DCV Clients may allow an attacker to access remote sessions via man-in-the-middle."
}
],
"impacts": [
{
"capecId": "CAPEC-94",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-94 Adversary in the Middle (AiTM)"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T18:54:46.403Z",
"orgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
"shortName": "AMZN"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://aws.amazon.com/security/security-bulletins/AWS-2025-001/"
},
{
"tags": [
"patch",
"release-notes"
],
"url": "https://docs.aws.amazon.com/workspaces/latest/userguide/amazon-workspaces-windows-client.html#windows-release-notes"
},
{
"tags": [
"patch",
"release-notes"
],
"url": "https://docs.aws.amazon.com/workspaces/latest/userguide/amazon-workspaces-osx-client.html#osx-release-notes"
},
{
"tags": [
"patch",
"release-notes"
],
"url": "https://docs.aws.amazon.com/workspaces/latest/userguide/amazon-workspaces-linux-client.html#linux-release-notes"
},
{
"tags": [
"patch",
"release-notes"
],
"url": "https://docs.aws.amazon.com/appstream2/latest/developerguide/client-release-versions.html"
},
{
"tags": [
"patch",
"release-notes"
],
"url": "https://docs.aws.amazon.com/dcv/latest/adminguide/doc-history-release-notes.html#dcv-2023-1-16388jul"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Issue affecting Amazon WorkSpaces (when running Amazon DCV protocol), Amazon AppStream 2.0, and Amazon DCV clients",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
"assignerShortName": "AMZN",
"cveId": "CVE-2025-0500",
"datePublished": "2025-01-15T18:20:33.468Z",
"dateReserved": "2025-01-15T17:34:09.099Z",
"dateUpdated": "2025-10-14T18:54:46.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}