A critical vulnerability in Docker Desktop allows attackers to control containers, mount the host's file system, and modify it to escalate their privileges to those of an administrator.
Tracked as CVE-2025-9074 (CVSS score of 9.3), the flaw is a container escape issue that affects the Windows and macOS versions of the application.
“A malicious container running on Docker Desktop could access the Docker Engine and launch additional containers without requiring the Docker socket to be mounted. This could allow unauthorized access to user files on the host system,” Docker notes in its advisory.
The security defect can be triggered regardless of whether Enhanced Container Isolation (ECI) is enabled or not. Patches for the bug have been included in Docker Desktop version 4.44.3.
The vulnerability, security researcher Felix Boulet explains, exists because, in the vulnerable application versions, any container can access Docker's internal HTTP API without authentication.
This, Boulet says, allows an attacker to connect to the API using the internal IP address, create and start a privileged container, and then mount the host's file system, gaining full access to the host.
The Docker Engine socket, which is the management API for Docker, should not be exposed to untrusted code or users, as it “grants full access to everything the docker application can do”, white-hat hacker Philippe Dugre says.
On Windows, he explains, an attacker could exploit the flaw to mount the host's file system and overwrite a system DLL to obtain administrative privileges on the host.
The macOS version of the application can be exploited to take full control of other containers, or to backdoor the Docker app by mounting and modifying its configuration.
“On macOS, however, the Docker Desktop application still has a layer of isolation and attempting to mount a user directory prompts the user for permission. By default, the docker application does not have access to the rest of the filesystem and does not run with administrative privileges,” Dugre notes.
He also warns that CVE-2025-9074 is very easy to exploit, although it requires that the Docker engine runs on Windows or macOS (most production systems run Linux) and that the attacker has access to the socket.
The attacker can either use a malicious container to mount the attack, or rely on a server-side request forgery (SSRF) attack, proxying requests through a vulnerable application.
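As an added defensive example (not code from the article, from Docker, or from the researchers quoted): a check that flags a Docker Desktop version older than the 4.44.3 fix and, from `docker inspect`-style JSON, any container combining the two properties the chain described above relies on, privileged mode and a bind mount of the host root. The sample records are constructed, and the drive-letter matching for Windows hosts is an assumption.

```python
import re
from typing import Any

# Docker Desktop release that ships the fix for CVE-2025-9074, per the advisory.
PATCHED_VERSION = (4, 44, 3)

# A bind-mount source that is the whole host filesystem: "/" on macOS, or a bare
# drive root such as "C:\" on Windows (the drive-letter form is an assumption).
HOST_ROOT = re.compile(r"/|[A-Za-z]:[\\/]?")


def parse_version(version: str) -> tuple:
    """Turn '4.44.3' into (4, 44, 3) so versions compare numerically."""
    return tuple(int(part) for part in version.strip().split("."))


def desktop_is_vulnerable(version: str) -> bool:
    """True when the installed Docker Desktop predates the 4.44.3 fix."""
    return parse_version(version) < PATCHED_VERSION


def suspicious_containers(inspect_output: list[dict[str, Any]]) -> list[str]:
    """Return names of containers that are privileged AND bind-mount a host root.

    `inspect_output` has the shape of `docker inspect` JSON (HostConfig.Privileged,
    Mounts[].Type, Mounts[].Source). Either signal alone is common in legitimate
    use; the combination is what the described chain needs to reach host files.
    """
    flagged = []
    for container in inspect_output:
        privileged = bool(container.get("HostConfig", {}).get("Privileged"))
        mounts_root = any(
            m.get("Type") == "bind" and HOST_ROOT.fullmatch(m.get("Source", ""))
            for m in container.get("Mounts", [])
        )
        if privileged and mounts_root:
            flagged.append(container.get("Name", "").lstrip("/"))
    return flagged


# Constructed sample records in `docker inspect` shape (not real output).
SAMPLE_INSPECT = [
    {"Name": "/web", "HostConfig": {"Privileged": False},
     "Mounts": [{"Type": "bind", "Source": "/srv/www"}]},
    {"Name": "/escape", "HostConfig": {"Privileged": True},
     "Mounts": [{"Type": "bind", "Source": "/"}]},
    {"Name": "/win-escape", "HostConfig": {"Privileged": True},
     "Mounts": [{"Type": "bind", "Source": "C:\\"}]},
]

if __name__ == "__main__":
    print("vulnerable 4.44.2:", desktop_is_vulnerable("4.44.2"))
    print("flagged:", suspicious_containers(SAMPLE_INSPECT))
```

The inspect data can be produced with `docker inspect $(docker ps -q)`; a privileged container mounting the host root is worth investigating on any host that ran an unpatched version.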