AWS ECS Agent Information Disclosure Vulnerability
Published Thu, Aug 14th, 2025
Platforms
Summary
A vulnerability in the Amazon ECS agent could allow an introspection server to be accessed off-host.
This information disclosure issue, if exploited, could allow another instance in the same security
group to access the server's data. The vulnerability does not affect instances where off-host access
is set to 'false'. The issue has been patched in version 1.97.1 of the ECS agent.
Affected Services
ECS
Remediation
Users can update the Amazon ECS agent to version 1.97.1 or later. If updating is not an option,
customers can restrict incoming access to the introspection server port (51678) by modifying
their Amazon EC2 security groups.
To detect if you are running a vulnerable version, check if your ECS agent is version 1.97.0 or earlier.
You should also check for any anomalous network activity targeting the introspection server port (51678) in your security group.
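The two checks described above can be scripted. The following is an added example, not part of the advisory or of AWS tooling: it compares an agent version string against the patched release and lists which ingress sources in a security group can reach port 51678. It assumes the version string has the form "Amazon ECS Agent - v1.97.0 (...)" and that the group is a dict shaped like one entry of `aws ec2 describe-security-groups` JSON output; the sample group and its IDs are constructed.

```python
import re

INTROSPECTION_PORT = 51678   # introspection server port named in the advisory
FIXED_VERSION = (1, 97, 1)   # first patched agent release per the advisory

def agent_is_vulnerable(version_string):
    """True when the agent version is 1.97.0 or earlier."""
    m = re.search(r"v?(\d+)\.(\d+)\.(\d+)", version_string)
    if not m:
        raise ValueError(f"no version found in {version_string!r}")
    # Compare as integer tuples so that 1.100.0 sorts after 1.97.1.
    return tuple(int(part) for part in m.groups()) < FIXED_VERSION

def rule_covers_port(perm, port=INTROSPECTION_PORT):
    """True when one IpPermissions entry allows TCP traffic to the port."""
    proto = perm.get("IpProtocol")
    if proto == "-1":            # "-1" means all protocols and all ports
        return True
    if proto not in ("tcp", "6"):
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def exposing_sources(group):
    """List (source, kind) pairs whose ingress rules reach the port."""
    findings = []
    for perm in group.get("IpPermissions", []):
        if not rule_covers_port(perm):
            continue
        for r in perm.get("IpRanges", []):
            findings.append((r["CidrIp"], "ipv4 cidr"))
        for r in perm.get("Ipv6Ranges", []):
            findings.append((r["CidrIpv6"], "ipv6 cidr"))
        for p in perm.get("UserIdGroupPairs", []):
            # A group that references itself lets its own members reach each other.
            same = p["GroupId"] == group["GroupId"]
            findings.append((p["GroupId"], "self-reference" if same else "peer group"))
        for p in perm.get("PrefixListIds", []):
            findings.append((p["PrefixListId"], "prefix list"))
    return findings

# Constructed sample: only the second and third rules cover port 51678.
SAMPLE_GROUP = {
    "GroupId": "sg-0example",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-0example"}]},
        {"IpProtocol": "tcp", "FromPort": 49152, "ToPort": 65535,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
    ],
}
```

The version check alone does not account for instances where off-host access is set to 'false', which the advisory states are not affected.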