CVE-2025-12815 - RES web portal may display preview of Virtual Desktops that the user shouldn't have access to

2025 026 ยท 2026-06-05

Actions

Rate this issue

Technical Details

Affected Versions < 2025.09
Regions all
CVE IDs CVE-2025-12815
Migration Required Yes
Cost Impact Neutral
IaC Impact High

What This Means

For DevOps Teams

Update RES to version 2025.09 to address CVE-2025-12815, which allows viewing of unauthorized desktop session metadata and screenshots.

For Platform Teams

Deploy the latest RES version to incorporate security fixes and prevent unauthorized access to sensitive desktop session data.

For Executives

Implement the RES version 2025.09 update to mitigate the risk of unauthorized access to virtual desktop previews, ensuring data security and compliance.

Source

View original AWS announcement โ†’

Weekly AWS Digest in Your Inbox

No spam, no headlines. Just a weekly summary of the 3โ€“7 AWS changes that matter for DevOps and Platform teams.

๐Ÿ“ง Exactly 1 email per week โ€ข Every Tuesday โ€ข Unsubscribe anytime

Today: AWS only. Coming next: Azure and other major clouds.