AWS Updates - 2025-11-05
AWS Security Bulletins
Improper authentication token handling in the Amazon WorkSpaces client for Linux
- Link: https://aws.amazon.com/security/security-bulletins/rss/aws-2025-025/
- Published: 2025-11-05
Bulletin ID: AWS-2025-025
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2025/11/5 13:20 PM PDT
Description:
We identified CVE-2025-12779, which describes an issue in the Amazon WorkSpaces client for Linux. Improper handling of the authentication token in the Amazon WorkSpaces client for Linux, versions 2023.0 through 2024.8, may expose the authentication token for DCV-based WorkSpaces to other local users on the same client machine. Under certain circumstances, an unintended user may be able to extract a valid authentication token from the client machine and access another user’s WorkSpace. We have proactively communicated with customers regarding the end of support for the impacted client versions.
Impacted versions: Amazon WorkSpaces client for Linux versions 2023.0 through 2024.8
CVE-2025-31133, CVE-2025-52565, CVE-2025-52881 - runc container issues
- Link: https://aws.amazon.com/security/security-bulletins/rss/aws-2025-024/
- Published: 2025-11-05
Bulletin ID: AWS-2025-024
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2025/11/5 8:45 PM PDT
CVE Identifiers: CVE-2025-31133, CVE-2025-52565, CVE-2025-52881
AWS is aware of recently disclosed security issues affecting the runc component of several open source container management systems (CVE-2025-31133, CVE-2025-52565, CVE-2025-52881) when launching new containers. AWS does not consider containers a security boundary, and does not utilize containers to isolate customers from each other. There is no cross-customer risk from these issues. AWS customers that utilize containers to isolate workloads within their own self-managed environments are strongly encouraged to contact their operating system vendor for any updates or instructions necessary to mitigate any potential concerns arising from these issues.
With the exception of the AWS services listed below, no customer action is required to address this issue. As a best practice, AWS always recommends that you apply all security patches and software version updates.
Affected services:
- Amazon Linux
- Bottlerocket
- Amazon Elastic Container Service (ECS)
- Amazon Elastic Kubernetes Service (EKS)
- AWS Elastic Beanstalk
- Finch
- AWS Deep Learning AMI
- AWS Batch
- Amazon SageMaker