EXECUTIVE SUMMARY:
A vulnerability, CVE-2025-12779, identified in the WorkSpaces client for Linux can allow a local, unintended user on a shared system to extract valid authentication tokens for DCV-based WorkSpaces and use them to access another user's virtual WorkSpace, potentially exposing files, applications, and internal systems. The flaw affects client versions and has been fixed in version, so Linux users should upgrade immediately. The patched version provides the secure token handling and improved session isolation that mitigate this risk in multi-user environments such as corporate terminals, shared virtual machines, and endpoint-client deployments, and it reinforces protection around sensitive authentication data to prevent token exposure on shared hosts. Applying the patched version is essential to maintain secure WorkSpaces access and reduce lateral movement risks in multi-user Linux environments. The vulnerability has a CVSS score of 8.8.
RECOMMENDATION:
REFERENCES:
The following reports contain further technical details: