Primary

Context

AWS Client VPN Windows Client Local Privilege Escalation Vulnerability

Vulnerability

Patched

A local privilege escalation vulnerability has been identified in the AWS Client VPN Windows client. During installation, the process references a specific directory to retrieve the OpenSSL configuration file. This allows a non-administrative user to insert arbitrary code into the configuration file. If an administrative user then initiates the installation, the inserted code could be executed with elevated privileges. This vulnerability is not present in the Linux or Mac versions of the client.

Impact

Exploitation of this vulnerability allows for local privilege escalation, where a non-admin user can execute code with administrative rights during the AWS Client VPN installation process.

Remediation

Users are advised to upgrade to AWS Client VPN version 5.2.2 or later. For those using versions prior to 5.2.2, it is recommended to discontinue any new installations of the AWS Client VPN Windows client.

Added: Jul 23, 2025, 4:17 PM

Updated: Jul 23, 2025, 4:17 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

3.0

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

3.0

remediation

7.7

relevance

0.3

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

AWS Client VPN Windows Client Local Privilege Escalation Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Amazon AWS Client VPN

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating