What is AWS-2025-026?

AWS-2025-026 is a security advisory published by AWS Security Bulletins. CVE-2025-12815 - RES web portal may display preview of Virtual Desktops that the user shouldn't have access to

Which CVE IDs does AWS-2025-026 cover?

AWS-2025-026 covers the following CVE IDs: CVE-2025-12815. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

AWS-2025-026

CVE-2025-12815 - RES web portal may display preview of Virtual Desktops that the user shouldn't have access to

Vendor

AWS Security Bulletins

Published

November 6, 2025

Last Modified

—

🔗 CVE IDs covered (1)

CVE-2025-12815 →

📋 Description

Bulletin ID: AWS-2025-026 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/11/6 09:15 AM PDT Description: Research and Engineering Studio on AWS (RES) is an open source, easy-to-use web-based portal for administrators to create and manage secure cloud-based research and engineering environments. We identified CVE-2025-12815, in which an ownership verification issue in the Virtual Desktop preview page in the Research and Engineering Studio (RES) on AWS before version 2025.09 may allow an authenticated remote user to view another user's active desktop session metadata, including periodical desktop preview screenshots. Impacted versions:

🔗 References (1)

advisoryhttps://aws.amazon.com/security/security-bulletins/rss/aws-2025-026/