CVE-2025-0500

NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-0500
CWE	https://cwe.mitre.org/data/definitions/295.html

An issue in the native clients for Amazon WorkSpaces (when running Amazon DCV protocol), Amazon AppStream 2.0, and Amazon DCV Clients may allow an attacker to access remote sessions via man-in-the-middle.

Weakness

The product does not validate, or incorrectly validates, a certificate.

Potential Mitigations

https://cwe.mitre.org/data/definitions/459.html
https://cwe.mitre.org/data/definitions/475.html

References

https://aws.amazon.com/security/security-bulletins/AWS-2025-001/
https://docs.aws.amazon.com/appstream2/latest/developerguide/client-release-versions.html
https://docs.aws.amazon.com/dcv/latest/adminguide/doc-history-release-notes.html#dcv-2023-1-16388jul
https://docs.aws.amazon.com/workspaces/latest/userguide/amazon-workspaces-linux-client.html#linux-release-notes
https://docs.aws.amazon.com/workspaces/latest/userguide/amazon-workspaces-osx-client.html#osx-release-notes
https://docs.aws.amazon.com/workspaces/latest/userguide/amazon-workspaces-windows-client.html#windows-release-notes

Improper Certificate Validation

Weakness

Potential Mitigations

Related Attack Patterns

References