AWS Research and Engineering Studio Virtual Desktop Preview Access Vulnerability

Vulnerability

A vulnerability in the Virtual Desktop preview page of the Research and Engineering Studio (RES) on AWS, prior to version 2025.09, allows an authenticated remote user to access another user's active desktop session metadata. This includes periodic desktop preview screenshots. The issue arises from an ownership verification flaw that permits users to see desktops belonging to others with similar username patterns, regardless of actual permissions.
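The advisory does not publish the faulty check. The Python sketch below is an added illustration, not RES code: it assumes the "similar username patterns" behaviour comes from a prefix comparison and contrasts that with exact-match ownership, plus a regression check that reports the difference. All function names, usernames and session IDs are constructed for the example.

```python
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Session:
    session_id: str
    owner: str        # exact username of the session owner
    preview: str      # stand-in for preview screenshot / session metadata


# Constructed sample data (hypothetical users and sessions).
SESSIONS = [
    Session("s-001", "alice", "preview/s-001.png"),
    Session("s-002", "alice2", "preview/s-002.png"),
    Session("s-003", "bob", "preview/s-003.png"),
]


def visible_flawed(requester: str) -> List[Session]:
    """Assumed flaw shape: ownership decided by a name pattern (prefix),
    so 'alice' also matches sessions owned by 'alice2'."""
    return [s for s in SESSIONS if s.owner.startswith(requester)]


def visible_strict(requester: str) -> List[Session]:
    """Ownership is exact identity equality: no prefix, substring,
    wildcard or case-folded comparison."""
    return [s for s in SESSIONS if s.owner == requester]


def can_view_preview(requester: str, session_id: str) -> bool:
    """Per-object check for a direct fetch by session ID; denies by
    default when the session is unknown or owned by someone else."""
    return any(s.session_id == session_id and s.owner == requester
               for s in SESSIONS)


def leaked_sessions(requester: str) -> List[str]:
    """Regression check: IDs the pattern-based filter exposes that the
    exact-match filter does not."""
    allowed = {s.session_id for s in visible_strict(requester)}
    return [s.session_id for s in visible_flawed(requester)
            if s.session_id not in allowed]


if __name__ == "__main__":
    for user in ("alice", "alice2", "bob"):
        print(user, "sees extra sessions:", leaked_sessions(user))
```

A test of this shape, run with pairs of accounts whose names overlap, is a quick way to confirm after upgrading that listing and per-session fetches both enforce exact ownership.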

Impact

Exploitation of this vulnerability could lead to unauthorized access to desktop session metadata, including screenshots, from other users.

Remediation

Users should upgrade to RES version 2025.09 or later. Instructions for updating can be found in the release notes on the RES GitHub repository.

Added: Nov 6, 2025, 6:35 PM
Updated: Nov 6, 2025, 7:56 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 5.2
remediation: 7.7
relevance: 0.9
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.