CVE-2025-9039 is a medium-severity vulnerability affecting the Amazon Elastic Container Service (ECS) agent, specifically versions including 0.0.3. The issue arises from insecure inherited permissions and incorrect use of privileged APIs (CWE-277 and CWE-648), which allow an introspection server hosted by the ECS agent to be accessed off-host by other EC2 instances under certain network conditions. Specifically, if multiple instances reside within the same security group or if their security groups permit incoming connections on the introspection server's port (51678), an attacker controlling another instance in the same environment could connect to this introspection server. This server typically provides internal ECS agent data and diagnostic information, which could potentially expose sensitive operational details or enable further attacks. The vulnerability does not affect instances where the ECS agent's option to allow off-host introspection server access is disabled (set to 'false'). The flaw stems from overly permissive network access controls combined with the ECS agent's handling of privileged API calls, leading to unauthorized lateral access within cloud environments. Amazon has addressed this vulnerability in ECS agent version 1.97.1, recommending upgrades to this or later versions. For customers unable to upgrade immediately, mitigating controls include restricting inbound traffic on port 51678 via EC2 security group rules to prevent unauthorized off-host access. The CVSS 4.0 base score is 5.3, reflecting a network attack vector with low complexity, no required privileges or user interaction, and limited confidentiality impact. No known exploits are currently reported in the wild.

For European organizations leveraging Amazon ECS for container orchestration, this vulnerability poses a risk of lateral movement within cloud environments. An attacker who gains control of one EC2 instance could exploit this flaw to access the introspection server on other instances within the same security group, potentially gathering sensitive ECS agent data or internal metadata. This could facilitate reconnaissance, privilege escalation, or further compromise of container workloads. Given the widespread adoption of AWS in Europe, especially among enterprises and public sector entities, the vulnerability could impact critical infrastructure and services if exploited. The risk is heightened in multi-tenant or shared environments where security group configurations are permissive or misconfigured. However, the impact is somewhat mitigated by the need for the attacker to already have access to an instance in the same security group and the absence of direct code execution or data exfiltration from the introspection server alone. Nonetheless, the vulnerability undermines the isolation guarantees expected in cloud container deployments, which is a significant concern for compliance with European data protection regulations and cloud security best practices.

European organizations should prioritize upgrading their Amazon ECS agents to version 1.97.1 or later to incorporate the official fix. For environments where immediate upgrade is not feasible, security teams must audit and tighten EC2 security group rules to explicitly block inbound traffic on port 51678, ensuring that only authorized management hosts can access the introspection server if needed. Additionally, organizations should review and enforce the ECS agent configuration to disable off-host introspection server access unless explicitly required. Implementing network segmentation and least privilege principles within AWS VPCs will further reduce the attack surface. Continuous monitoring for unusual network connections on port 51678 and ECS agent logs can help detect attempted exploitation. Finally, organizations should incorporate this vulnerability into their incident response and threat hunting playbooks to quickly identify and remediate any signs of lateral movement within ECS environments.