PT-2025-33310 · Amazon · Amazon Ecs Agent
Mye956 · Published 2025-08-14 · Updated 2025-09-10 · CVE-2025-9039
CVSS v4.0: 5.3 (Medium)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions:
Amazon ECS agent versions 0.0.3 through 1.97.0
Description:
An issue was identified in the Amazon ECS agent where, under certain conditions, an introspection server could be accessed off-host by another instance if the instances are in the same security group or if their security groups allow incoming connections that include the port where the server is hosted. This issue does not affect instances where the option to allow off-host access to the introspection server is set to 'false'. The affected component is the introspection API.
Recommendations:
Amazon ECS agent version 0.0.3: Upgrade to version 1.97.1 or later.
Amazon ECS agent version 1.97.0: Upgrade to version 1.97.1 or later.
For instances that cannot be updated, modify the Amazon EC2 security groups to restrict incoming access to the introspection server port (51678).
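To check the security-group mitigation above, the following added example (not part of the advisory and not AWS tooling) lists every ingress rule that admits TCP traffic to port 51678, including rules that reference the group itself. The function names and the sample groups are assumptions made for illustration; the input follows the JSON shape returned by `aws ec2 describe-security-groups`.

```python
# Added example: audit security-group ingress for the ECS introspection port.
INTROSPECTION_PORT = 51678  # port named in the advisory

def rule_covers_port(perm, port=INTROSPECTION_PORT):
    """True if one IpPermissions entry admits TCP traffic to `port`."""
    proto = perm.get("IpProtocol")
    if proto == "-1":                      # all protocols, all ports
        return True
    if proto not in ("tcp", "6"):
        return False
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    # A TCP rule without a port range is treated as covering every port.
    return lo is None or hi is None or lo <= port <= hi

def rule_sources(perm):
    """Every source a rule admits: CIDRs, peer groups and prefix lists."""
    src = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    src += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    src += ["sg:" + p["GroupId"] for p in perm.get("UserIdGroupPairs", [])]
    src += ["pl:" + p["PrefixListId"] for p in perm.get("PrefixListIds", [])]
    return src

def exposed_rules(groups):
    """List (group, source, kind) for each rule that reaches the port."""
    findings = []
    for g in groups:
        for perm in g.get("IpPermissions", []):
            if not rule_covers_port(perm):
                continue
            for src in rule_sources(perm):
                kind = "same-group" if src == "sg:" + g["GroupId"] else "ingress"
                findings.append((g["GroupId"], src, kind))
    return findings

# Constructed sample data; the group IDs and CIDRs are made up.
SAMPLE = [
    {"GroupId": "sg-0aaa", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
         "UserIdGroupPairs": [{"GroupId": "sg-0aaa"}]}]},
    {"GroupId": "sg-0bbb", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 51000, "ToPort": 52000,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]},
    {"GroupId": "sg-0ccc", "IpPermissions": [
        {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-0aaa"}]}]},
    {"GroupId": "sg-0ddd", "IpPermissions": [
        {"IpProtocol": "udp", "FromPort": 51678, "ToPort": 51678,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
]
```

For a real account, pass the `SecurityGroups` list from the CLI's JSON output to `exposed_rules` instead of `SAMPLE`.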
Fix
Information Disclosure
Affected Products
Amazon Ecs Agent