Cyber Resilience

CVE-2025-0500

High

Published: 15 January 2025

Modified: 15 April 2026
CVSS Score v4: 7.7 (CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0039 (60.7th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-0500 is a high-severity Improper Certificate Validation (CWE-295) vulnerability in Amazon WorkSpaces (inferred from references). Its CVSS base score is 7.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Adversary-in-the-Middle (T1557). The CVE ranks in the top 39.3% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SC-8 (Transmission Confidentiality and Integrity).

Deeper analysis

CVE-2025-0500, published on 2025-01-15, affects the native clients for Amazon WorkSpaces when running the Amazon DCV protocol, Amazon AppStream 2.0, and Amazon DCV Clients. The vulnerability, linked to CWE-295, involves an issue that may allow an attacker to access remote sessions via a man-in-the-middle attack. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high impact on confidentiality, integrity, and availability.

A remote attacker with no required privileges can exploit this over the network, though exploitation demands high attack complexity and user interaction. By performing a man-in-the-middle attack, the attacker can gain unauthorized access to remote sessions, compromising the targeted systems.

AWS security bulletin AWS-2025-001 addresses the issue, with updated release notes available for Amazon AppStream 2.0 clients, Amazon DCV (including version 2023-1-16388jul), and Amazon WorkSpaces clients for Linux and macOS. Mitigation involves updating to the latest client versions as documented in these resources.

Vulnerability details

An issue in the native clients for Amazon WorkSpaces (when running Amazon DCV protocol), Amazon AppStream 2.0, and Amazon DCV Clients may allow an attacker to access remote sessions via man-in-the-middle.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1557 Adversary-in-the-Middle (Credential Access)
Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.
Why these techniques?

CWE-295 improper certificate validation directly enables adversary-in-the-middle attacks against remote session clients.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-31854 (shared CWE-295)
CVE-2024-47258 (shared CWE-295)
CVE-2026-32627 (shared CWE-295)
CVE-2024-55581 (shared CWE-295)
CVE-2025-11043 (shared CWE-295)
CVE-2024-50691 (shared CWE-295)
CVE-2024-29171 (shared CWE-295)
CVE-2025-9293 (shared CWE-295)
CVE-2025-66001 (shared CWE-295)
CVE-2026-1530 (shared CWE-295)

Affected Assets

Amazon WorkSpaces (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: Directly protects the authenticity of remote sessions against man-in-the-middle attacks exploiting the vulnerability in Amazon DCV protocol clients.

Prevent: Implements cryptographic mechanisms to ensure transmission confidentiality and integrity, mitigating unauthorized access to remote sessions via MitM interception or modification.

Prevent: Requires timely remediation of the specific flaw in native clients for Amazon WorkSpaces, AppStream 2.0, and DCV clients through patching as per AWS guidance.
