Vulnerability DatabaseCVE-2025-12815
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2025-12815
November 06, 2025
An ownership verification issue in the Virtual Desktop preview page in the Research and Engineering Studio (RES) on AWS before version 2025.09 may allow an authenticated remote user to view another user's active desktop session metadata, including periodical desktop preview screenshots. To mitigate this issue, users should upgrade to version 2025.09 or above.
Affected Packages
https://github.com/aws/res.git (SCM_GIT):
Affected version(s) >=2023.11 <2025.09
Fix Suggestion:
Update to version 2025.09
Related ResourcesĀ (3)
https://aws.amazon.com/security/security-bulletins/AWS-2025-026/
https://github.com/aws/res/security/advisories/GHSA-x3cx-g8g9-75hv
https://github.com/aws/res/releases/tag/2025.09
Do you need more information?
Contact Us
CVSS v4
Base Score:
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
NONE
Vulnerable System Availability
NONE
Subsequent System Confidentiality
LOW
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
4.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
NONE
Weakness Type (CWE)
Unverified Ownership
CWE-283
EPSS
Base Score:
0.05