What is CVE-2025-12815?

CVE-2025-12815 is a medium-severity vulnerability in Aws Research And Engineering Studio (Res), classified under CWE-283. CVSS score: 4.3/10. Published 2025-11-06.

How severe is CVE-2025-12815?

Medium severity. CVSS v3 base score is 4.3 out of 10.

Vulnerability in Aws Research And Engineering Studio (Res)

CVE-2025-12815

An ownership verification issue in the Virtual Desktop preview page in the Research and Engineering Studio (RES) on AWS before version 2025.09 may allow an authenticated remote user to view another user's active desktop session metadata, i…

EPSS: 0.000 (15.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N.

Affected products

Aws Research And Engineering Studio (Res) — versions 2025.09

Weakness classification (CWE)

CWE-283

References

aws.amazon.com/security/security-bulletins/AWS-2025-026/ (vendor-advisory)
github.com/aws/res/releases/tag/2025.09 (patch)
github.com/aws/res/security/advisories/GHSA-x3cx-g8g9-75hv (vendor-advisory)

Frequently asked questions

What is CVE-2025-12815?: CVE-2025-12815 is a medium-severity vulnerability in Aws Research And Engineering Studio (Res), classified under CWE-283. CVSS score: 4.3/10. Published 2025-11-06.
How severe is CVE-2025-12815?: Medium severity. CVSS v3 base score is 4.3 out of 10.