CVE-2025-0501 Issue affecting Amazon WorkSpaces Clients (when running PCoIP protocol)

An issue in the native clients for Amazon WorkSpaces when running PCoIP protocol may allow an attacker to access remote sessions via man-in-the-middle...

CVE-2025-0501

CVE-2025-0501 affects the native Amazon WorkSpaces clients (PCoIP) and is described as allowing an attacker to access remote sessions via man‑in‑the‑middle, due to a trust management issue (as noted by multiple sources). The issue is associated with high impact across confidentiality, integrity, ...

CVE-2025-0500 Issue affecting Amazon WorkSpaces (when running Amazon DCV protocol), Amazon AppStream 2.0, and Amazon DCV clients

An issue in the native clients for Amazon WorkSpaces when running Amazon DCV protocol, Amazon AppStream 2.0, and Amazon DCV Clients may allow an attacker to access remote sessions via man-in-the-middle...

CVE-2025-0500

CVE-2025-0500 describes a man-in-the-middle vulnerability in the native clients for Amazon WorkSpaces (DCV), Amazon AppStream 2.0, and Amazon DCV clients that could allow an attacker to access remote sessions. Connected sources enumerate concrete vulnerable components/versions: Amazon AppStream 2...

CVE-2025-0500 Issue affecting Amazon WorkSpaces (when running Amazon DCV protocol), Amazon AppStream 2.0, and Amazon DCV clients

An issue in the native clients for Amazon WorkSpaces when running Amazon DCV protocol, Amazon AppStream 2.0, and Amazon DCV Clients may allow an attacker to access remote sessions via man-in-the-middle...

Amazon WorkSpaces 信任管理问题漏洞

Amazon WorkSpaces is a fully managed persistent desktop virtualization service from Amazon.com, Inc. that allows your users to access the data, applications, and resources they need anytime, anywhere, from any supported device. Amazon WorkSpaces is vulnerable to a trust management issue that stem...

Amazon多款产品 信任管理问题漏洞

Amazon WorkSpaces and others are products of Amazon.com, Inc.Amazon WorkSpaces is a fully hosted, persistent desktop virtualization service that gives your users access to the data, applications, and resources they need, anytime, anywhere, from any supported device.Amazon AppStream is an...

PT-2025-3927 · Amazon · Amazon Workspaces

Name of the Vulnerable Software and Affected Versions: Amazon WorkSpaces affected versions not specified Description: An issue in the native clients for Amazon WorkSpaces when running PCoIP protocol may allow an attacker to access remote sessions via man-in-the-middle. Recommendations: At the...

PT-2025-3926 · Amazon · Amazon Appstream 2.0 +2

Name of the Vulnerable Software and Affected Versions: Amazon WorkSpaces affected versions not specified Amazon AppStream 2.0 affected versions not specified Amazon DCV Clients affected versions not specified Description: An issue in the native clients for Amazon WorkSpaces, Amazon AppStream 2.0,...

CVE-2022-1805

When connecting to Amazon Workspaces, the SHA256 presented by AWS connection provisioner is not fully verified by Zero Clients. The issue could be exploited by an adversary that places a MITM Man in the Middle between a zero client and AWS session provisioner in the network. This issue is only...

CVE-2022-1805

When connecting to Amazon Workspaces, the SHA256 presented by AWS connection provisioner is not fully verified by Zero Clients. The issue could be exploited by an adversary that places a MITM Man in the Middle between a zero client and AWS session provisioner in the network. This issue is only...

Code injection

When connecting to Amazon Workspaces, the SHA256 presented by AWS connection provisioner is not fully verified by Zero Clients. The issue could be exploited by an adversary that places a MITM Man in the Middle between a zero client and AWS session provisioner in the network. This issue is only...

CVE-2022-1805

CVE-2022-1805 describes a MITM risk in Teradici PCoIP Zero Clients when connecting to Amazon Workspaces: the SHA256 presented by the AWS Connection Configurator is not fully verified by the Zero Client, allowing potential interception between the Zero Client and the AWS session provisioner. The i...

CVE-2022-1805

When connecting to Amazon Workspaces, the SHA256 presented by AWS connection provisioner is not fully verified by Zero Clients. The issue could be exploited by an adversary that places a MITM Man in the Middle between a zero client and AWS session provisioner in the network. This issue is only...

Teradici PCoIP Zero Clients 信任管理问题漏洞

Teradici PCoIP Zero Clients is an ultra-secure endpoint from Teradici Canada. It uses a highly integrated, specialized processor to transmit pixels, not data, to the user's desktop. A trust management issue vulnerability exists in Teradici PCoIP Zero Clients Firmware version 22.01.5, 22.04.1 and...

PT-2022-14126 · Teradici · Pcoip Zero Client

Name of the Vulnerable Software and Affected Versions: PCoIP Zero Client affected versions not specified Description: The issue arises when connecting to Amazon Workspaces, as the SHA256 presented by the AWS connection provisioner is not fully verified by Zero Clients. This could be exploited by ...

AWS, Other Cloud Services Affected by Flaws in Eltima SDK

Researchers have found a number of high-security vulnerabilities in a library created by network virtualization firm Eltima, that leave about a dozen cloud services used by millions of users worldwide open to privilege-escalation attacks. That includes Amazon WorkSpaces, Accops and NoMachine, amo...

Amazon WorkSpaces integer overflow vulnerability

Amazon Workspaces is a fully managed persistent desktop virtualization service from Amazon that lets your users access the data, applications, and resources they need from any supported device, anytime, anywhere. Amazon Workspaces is vulnerable to an integer overflow vulnerability that could be...

CVE-2021-43637

Amazon WorkSpaces agent is affected by Buffer Overflow. IOCTL Handler 0x22001B in the Amazon WorkSpaces agent below v1.0.1.1537 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service memory corruption and OS crash via specially crafted I/O Request Packet...

CVE-2021-43638

Amazon Amazon WorkSpaces agent is affected by Integer Overflow. IOCTL Handler 0x22001B in the Amazon WorkSpaces agent below v1.0.1.1537 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service memory corruption and OS crash via specially crafted I/O Request Pack...