CVE-2025-9039
Bulletin ID: AWS-2025-018 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/08/14 09:15 PM PDT Description: Amazon Elastic Container Service (Amazon ECS) is a fully managed container orchestration service that enables customers to deploy, manage, and scale containerized applications. Amazon ECS container agent provides an introspection API that provides information about the overall state of the Amazon ECS agent and the container instances. We identified CVE-2025-9039, an issue in the Amazon ECS agent. Under certain conditions, this issue could allow an introspection server to be accessed off-host by another instance if the instances are in the same security group or if their security groups allow inbound connections to the introspection server port. This issue does not affect instances where the option to allow off-host access to the introspection server is set to "false". Affected versions: ECS Agent versions 0.0.3 through 1.97.0
CSIRTS triage
- What
- An issue in the Amazon ECS agent could allow off-host access to the introspection server under certain conditions.
- Who is affected
- Customers using Amazon ECS with instances in the same security group.
- Urgency
- Remediation is important to prevent unauthorized access to the introspection server.
- Action
- Review security group settings to restrict access.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch CVE-2025-9039
Get an email if CVE-2025-9039 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.
Exploitation outlook
- Low exploitation risk0.23% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 14% of all EPSS-scored CVEs.
Advisory coverage (1)
- unknownCVE-2025-9039 - Issue with Amazon ECS agent introspection serveraws · 2026-06-05
External references
Embed the live status
— this badge updates automatically when the KEV or exploit status changes. How to embed it →
[](https://www.csirts.com/cve/CVE-2025-9039)