AWS has identified two issues in specific versions of native clients for Amazon WorkSpaces, Amazon AppStream 2.0, and Amazon DCV. The issues could allow bad actors to perform man-in-the-middle attacks, accessing remote sessions. AWS has proactively communicated with customers regarding the end of support for the impacted versions. The first issue, CVE-2025-0500, affects specific versions of clients for Amazon WorkSpaces, Amazon AppStream 2.0, and Amazon DCV. The affected versions include Amazon WorkSpaces clients 5.20.0 or earlier, Amazon AppStream 2.0 clients 1.1.1326 or earlier, and Amazon DCV clients 2023.1.8993 or earlier. The issue was fixed in later versions of the clients, including Amazon WorkSpaces clients 5.21.0 or later, Amazon AppStream 2.0 clients 1.1.1332 or later, and Amazon DCV clients 2023.1.9127 or later. The second issue, CVE-2025-0501, affects specific versions of Amazon WorkSpaces clients, including Windows client 5.22.0 or earlier, macOS client 5.22.0 or earlier, Linux client 2024.5 or earlier, and Android client 5.0.0 or earlier. The issue was fixed in later versions of the Amazon WorkSpaces clients, including Windows client 5.22.1 or later, macOS client 5.22.1 or later, Linux client 2024.6 or later, and Android client 5.0.1 or later. Customers are recommended to upgrade to the fixed versions to address the issues. Any security questions or concerns can be directed to [email protected].