A security issue has been identified in the Amazon WorkSpaces client for Linux, specifically versions 2023.0 to 2024.8. The flaw, designated CVE-2025-12779, involves improper handling of authentication tokens. This vulnerability could allow unauthorized local users on the same machine to access the authentication token for DCV-based WorkSpaces, potentially enabling them to log into another user’s WorkSpace. Amazon has addressed this security concern in version 2025.0 of the WorkSpaces client for Linux. Users running the affected versions should upgrade to this version or later to eliminate the risk. Amazon has also proactively informed customers about the end of support for the compromised client versions, encouraging timely action to ensure security. For any security questions or concerns, users can reach out to Amazon’s security team via email at aws-security@amazon.com.