AWS ECS Agent Information Disclosure Vulnerability
Published Thu, Aug 14th, 2025
Platforms
Summary
A vulnerability in the Amazon ECS agent could allow an introspection server to be accessed off-host. This information disclosure issue, if exploited, could allow another instance in the same security group to access the server's data. The vulnerability does not affect instances where off-host access is set to 'false'. The issue has been patched in version 1.97.1 of the ECS agent.
Affected Services
ECS
Remediation
Users can update the Amazon ECS agent to version 1.97.1 or later. If updating is not an option, customers can restrict incoming access to the introspection server port (51678) by modifying their Amazon EC2 security groups.
Tracked CVEs
CVE-2025-9039
References
Contributed by https://github.com/korniko98
Entry Status
Finalized
Disclosure Date
Thu, Aug 14th, 2025
Exploitability Period
-
Known ITW Exploitation
-
Detection Methods
To detect if you are running a vulnerable version, check if your ECS agent is version 1.97.0 or earlier. You should also check for any anomalous network activity targeting the introspection server port (51678) in your security group.
Piercing Index Rating
-
Discovered by
Amazon Web Services
