CVE-2025-0500

High

Published: 15 January 2025

Published

15 January 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score 0.0029 52.3th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-0500 is a high-severity Improper Certificate Validation (CWE-295) vulnerability in Amazon WorkSpaces (inferred from references). Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Adversary-in-the-Middle (T1557); ranked in the top 47.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SC-8 (Transmission Confidentiality and Integrity).

Threat & Defense at a Glance

What attackers do: exploitation maps to Adversary-in-the-Middle (T1557). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SC-23 Session Authenticity good match

prevent

Directly protects the authenticity of remote sessions against man-in-the-middle attacks exploiting the vulnerability in Amazon DCV protocol clients.

SC-8 Transmission Confidentiality and Integrity good match

prevent

Implements cryptographic mechanisms to ensure transmission confidentiality and integrity, mitigating unauthorized access to remote sessions via MitM interception or modification.

SI-2 Flaw Remediation good match

prevent

Requires timely remediation of the specific flaw in native clients for Amazon WorkSpaces, AppStream 2.0, and DCV clients through patching as per AWS guidance.

MITRE ATT&CK Enterprise TechniquesAI

T1557 Adversary-in-the-Middle Credential Access

Adversaries may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique to support follow-on behaviors such as [Network Sniffing](https://attack.

attack.mitre.org →

Why these techniques?

CWE-295 improper certificate validation directly enables adversary-in-the-middle attacks against remote session clients.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

An issue in the native clients for Amazon WorkSpaces (when running Amazon DCV protocol), Amazon AppStream 2.0, and Amazon DCV Clients may allow an attacker to access remote sessions via man-in-the-middle.

Deeper analysisAI

CVE-2025-0500, published on 2025-01-15, affects the native clients for Amazon WorkSpaces when running the Amazon DCV protocol, Amazon AppStream 2.0, and Amazon DCV Clients. The vulnerability, linked to CWE-295, involves an issue that may allow an attacker to access remote sessions via a man-in-the-middle attack. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating high impact on confidentiality, integrity, and availability.

A remote attacker with no required privileges can exploit this over the network, though exploitation demands high attack complexity and user interaction. By performing a man-in-the-middle attack, the attacker can gain unauthorized access to remote sessions, compromising the targeted systems.

AWS security bulletin AWS-2025-001 addresses the issue, with updated release notes available for Amazon AppStream 2.0 clients, Amazon DCV (including version 2023-1-16388jul), and Amazon WorkSpaces clients for Linux and macOS. Mitigation involves updating to the latest client versions as documented in these resources.