CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2025-9039 - Issue with Amazon ECS agent introspection server

unknownCVE-2025-9039
Bulletin ID: AWS-2025-018 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/08/14 09:15 PM PDT Description: Amazon Elastic Container Service (Amazon ECS) is a fully managed container orchestration service that enables customers to deploy, manage, and scale containerized applications. Amazon ECS container agent provides an introspection API that provides information about the overall state of the Amazon ECS agent and the container instances. We identified CVE-2025-9039, an issue in the Amazon ECS agent. Under certain conditions, this issue could allow an introspection server to be accessed off-host by another instance if the instances are in the same security group or if their security groups allow inbound connections to the introspection server port. This issue does not affect instances where the option to allow off-host access to the introspection server is set to "false". Affected versions: ECS Agent versions 0.0.3 through 1.97.0

CSIRTS triage

What
An issue in the Amazon ECS agent could allow off-host access to the introspection server under certain conditions.
Who is affected
Customers using Amazon ECS with instances in the same security group.
Urgency
Remediation is important to prevent unauthorized access to the introspection server.
Action
Review security group settings to restrict access.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch ECS

Get an email when a new ECS advisory drops — max one per day, one-click unsubscribe.

Details

Source
AWS Security Bulletins (INTL · vendor-psirt · site)
Severity
unknown
Published
2026-06-05
Exploitation
Not in CISA KEV at last sync

Original advisory: https://aws.amazon.com/security/security-bulletins/rss/aws-2025-018/

Exploitation outlook

EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.

Referenced CVEs

CVECSIRTS overviewExternal
CVE-2025-9039coverage & exploitation statusNVD · CVE.org

More from AWS Security Bulletins