AWS Client VPN for Windows Vulnerability Could Allow Privilege Escalation
Amazon Web Services has disclosed a critical security vulnerability in its Client VPN software for Windows that could allow non-administrative users to escalate their privileges to root-level access during the installation process.
The vulnerability, tracked as CVE-2025-8069, affects multiple versions of the AWS Client VPN client and has been addressed in the latest software update.
Vulnerability Details
| Field | Detail |
| --- | --- |
| CVE ID | CVE-2025-8069 |
| Affected Product | AWS Client VPN Windows Client |
| Vulnerability Type | Local Privilege Escalation |
| Severity | Important |
| Publication Date | July 23, 2025, 8:30 AM PDT |
| Affected Versions | 4.1.0, 5.0.0, 5.0.1, 5.0.2, 5.1.0, 5.2.0, 5.2.1 |
| Fixed Version | 5.2.2 |
The vulnerability stems from a flaw in the AWS Client VPN installation process on Windows devices. During installation, the software references a specific directory path at C:\usr\local\windows-x86_64-openssl-localbuild\ssl to retrieve the OpenSSL configuration file.
This design ...
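An added audit example (not AWS or gbhackers code): it reports whether an installed client version is on the affected list above, and which non-administrative identities hold write rights on the directory the installer reads from. The uninstall-entry name pattern and the set of trusted SIDs are assumptions to adjust for your environment.

```powershell
# Added example, not vendor code. Path and versions are from the advisory above.
$AffectedVersions = '4.1.0','5.0.0','5.0.1','5.0.2','5.1.0','5.2.0','5.2.1'
$SslDir      = 'C:\usr\local\windows-x86_64-openssl-localbuild\ssl'
$NamePattern = '*AWS*VPN*Client*'   # assumption: uninstall-entry DisplayName
# Assumed trusted writers: SYSTEM, BUILTIN\Administrators, TrustedInstaller
$TrustedSids = 'S-1-5-18','S-1-5-32-544',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'

function Test-AffectedVersion([string]$Version) {
    $v = $Version -as [version]
    if (-not $v) { return $false }
    # Compare major.minor.build; an installer may append a fourth field.
    $AffectedVersions -contains ('{0}.{1}.{2}' -f $v.Major, $v.Minor, $v.Build)
}

function Get-ClientVpnInstall {
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like $NamePattern } |
        Select-Object DisplayName, DisplayVersion,
            @{ n = 'Affected'; e = { Test-AffectedVersion $_.DisplayVersion } }
}

function Get-NonAdminWriter([string]$Path) {
    # If the directory is absent, audit the nearest existing ancestor,
    # whose ACL decides who may create the missing part of the path.
    while ($Path -and -not (Test-Path -LiteralPath $Path)) {
        $Path = Split-Path -Path $Path -Parent
    }
    if (-not $Path) { return }
    $write = [System.Security.AccessControl.FileSystemRights]'CreateFiles, CreateDirectories'
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
    $sidType = [System.Security.Principal.SecurityIdentifier]
    (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            ([int]$_.FileSystemRights -band [int]$write) -and
            -not ([int]$_.PropagationFlags -band [int]$inheritOnly) -and
            $TrustedSids -notcontains $_.IdentityReference.Value
        } |
        Select-Object @{ n = 'Path'; e = { $Path } },
            @{ n = 'Sid'; e = { $_.IdentityReference.Value } }, FileSystemRights
}

Get-ClientVpnInstall | Format-Table -AutoSize
Get-NonAdminWriter $SslDir | Format-Table -AutoSize
```

A host that reports `Affected = True` should be updated to 5.2.2; any rows from the second command identify principals whose write access on that path deserves review.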
Copyright of this story solely belongs to gbhackers.