vulnerability
Amazon Linux AMI 2: CVE-2025-4673: Security patch for amazon-cloudwatch-agent, amazon-ecr-credential-helper, amazon-ssm-agent, containerd, docker, ecs-init, golang, golist, nerdctl, oci-add-hooks, runc, runfinch-finch, soci-snapshotter (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:N/C:C/I:N/A:N) | Jun 11, 2025 | Jun 25, 2025 | May 20, 2026 |
Severity
7
CVSS
(AV:N/AC:M/Au:N/C:C/I:N/A:N)
Published
Jun 11, 2025
Added
Jun 25, 2025
Modified
May 20, 2026
Description
Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.
Solutions
amazon-linux-ami-2-upgrade-amazon-cloudwatch-agentamazon-linux-ami-2-upgrade-amazon-ecr-credential-helperamazon-linux-ami-2-upgrade-amazon-ecr-credential-helper-debuginfoamazon-linux-ami-2-upgrade-amazon-ssm-agentamazon-linux-ami-2-upgrade-containerdamazon-linux-ami-2-upgrade-containerd-debuginfoamazon-linux-ami-2-upgrade-containerd-stressamazon-linux-ami-2-upgrade-dockeramazon-linux-ami-2-upgrade-docker-debuginfoamazon-linux-ami-2-upgrade-ecs-initamazon-linux-ami-2-upgrade-golangamazon-linux-ami-2-upgrade-golang-binamazon-linux-ami-2-upgrade-golang-docsamazon-linux-ami-2-upgrade-golang-miscamazon-linux-ami-2-upgrade-golang-sharedamazon-linux-ami-2-upgrade-golang-srcamazon-linux-ami-2-upgrade-golang-testsamazon-linux-ami-2-upgrade-golistamazon-linux-ami-2-upgrade-golist-debuginfoamazon-linux-ami-2-upgrade-nerdctlamazon-linux-ami-2-upgrade-nerdctl-debuginfoamazon-linux-ami-2-upgrade-oci-add-hooksamazon-linux-ami-2-upgrade-oci-add-hooks-debuginfoamazon-linux-ami-2-upgrade-runcamazon-linux-ami-2-upgrade-runc-debuginfoamazon-linux-ami-2-upgrade-runfinch-finchamazon-linux-ami-2-upgrade-soci-snapshotter
References
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.