CVE-2025-0725 — Vulnetix

CVE-2025-0725 PUBLISHED

EPSS 0.60% · 69.9th percentile

Risk Scores

EPSS Score

0.60%

69.9th percentile

Affected Products

Vendor	Product	Versions
Amazon	ecs-service-connect-agent

Exploit Intelligence

CVE-2025-0725: Heap overflow in curl with Content-Encoding gzip and old libz versions (hackerone)
CVE-2025-0725: gzip integer overflow (hackerone)
CVE-2025-0725: Heap overflow in curl with Content-Encoding gzip and old libz versions (hackerone)
CVE-2025-0725: gzip integer overflow (hackerone)
CVE-2025-0725: gzip integer overflow (hackerone)
CVE-2025-0725: Heap overflow in curl with Content-Encoding gzip and old libz versions (hackerone)
https://hackerone.com/reports/2956023 (osv)
CVE-2025-38062.yara (github-yara)
test_scrapers.py (github-poc)
CVE-2025-38062.yara (github-yara)

…and 19 more exploits

Timeline

CVE Published
Feb 5, 2025 PoC Published
Feb 6, 2025 EPSS Score
Feb 22, 2025 Coalition ESS Score
Mar 8, 2025 EPSS Score
Mar 16, 2025 Coalition ESS Score
Mar 19, 2025 EPSS Score
Mar 20, 2025 EPSS Score
Mar 25, 2025 EPSS Score
Mar 29, 2025 EPSS Score
Apr 6, 2025 EPSS Score
Apr 27, 2025 PoC Published

References

ALAS2ECS-2025-093: ecs-service-connect-agent (important) advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›