Home > Vulnerability Database > CVE-2025-12815

Mend.io Vulnerability Database

CVE-2025-12815

Good to know:

Date: November 6, 2025

An ownership verification issue in the Virtual Desktop preview page in the Research and Engineering Studio (RES) on AWS before version 2025.09 may allow an authenticated remote user to view another user's active desktop session metadata, including periodical desktop preview screenshots. To mitigate this issue, users should upgrade to version 2025.09 or above.

Severity Score

4.3

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-12815

Url: https://github.com/aws/res/security/advisories/GHSA-x3cx-g8g9-75hv

Url: https://github.com/aws/res/releases/tag/2025.09

Url: https://aws.amazon.com/security/security-bulletins/AWS-2025-026/

Url: https://www.mend.io/vulnerability-database/CVE-2025-12815

Severity Score

4.3

Weakness Type (CWE)

Unverified Ownership

CWE-283

Top Fix

Upgrade Version

Upgrade to version https://github.com/aws/res.git - 2025.09

Learn More

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-12815

Good to know:

Date: November 6, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?