CVE-2025-0501

NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-0501
CWE	https://cwe.mitre.org/data/definitions/295.html

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-0501

CWE

https://cwe.mitre.org/data/definitions/295.html

An issue in the native clients for Amazon WorkSpaces (when running PCoIP protocol) may allow an attacker to access remote sessions via man-in-the-middle.

Weakness

The product does not validate, or incorrectly validates, a certificate.

Potential Mitigations

https://cwe.mitre.org/data/definitions/459.html
https://cwe.mitre.org/data/definitions/475.html

References

https://aws.amazon.com/security/security-bulletins/AWS-2025-001/
https://docs.aws.amazon.com/workspaces/latest/userguide/amazon-workspaces-android-client.html#android-release-notes
https://docs.aws.amazon.com/workspaces/latest/userguide/amazon-workspaces-linux-client.html#linux-release-notes
https://docs.aws.amazon.com/workspaces/latest/userguide/amazon-workspaces-osx-client.html#osx-release-notes
https://docs.aws.amazon.com/workspaces/latest/userguide/amazon-workspaces-windows-client.html#windows-release-notes

Improper Certificate Validation

Weakness

Potential Mitigations

Related Attack Patterns

References