Privilege Escalation Vulnerability in Docker CLI for Windows
CVE-2025-15558

7HIGH

Key Information:

Vendor

Docker

Status
Docker Cli
Compose
Vendor
CVE Published:
4 March 2026

What is CVE-2025-15558?

The Docker CLI for Windows is susceptible to a privilege escalation vulnerability due to improper handling of plugin binaries. A low-privileged attacker could exploit this vulnerability by creating a directory at C:\ProgramData\Docker\cli-plugins and inserting malicious binaries. When a victim user interacts with the Docker CLI or Docker Desktop, these malicious plugins could be executed, potentially elevating privileges if the Docker CLI is in use by a privileged user. It is important to note that this vulnerability affects only Windows binaries that utilize the CLI plugin manager and does not impact non-Windows binaries or projects that don't rely on the plugin-manager code.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Docker CLI Windows 29.2.0

Compose Windows 5.1.0

References

https://docs.docker.com/desktop/release-notes/
https://www.zerodayinitiative.com/advisories/ZDI-CAN-28304/
third-party-advisory
https://github.com/docker/cli/pull/6713
patch

CVSS V4

Score:
7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Nitesh Surana (niteshsurana.com) of Trend Research of TrendAI
JSON
.