Docker Desktop Vulnerability Allows Unauthorized Access to Docker Engine API
CVE-2025-9074

9.3CRITICAL

Key Information:

Vendor

Docker

Status
Docker Desktop
Vendor
CVE Published:
20 August 2025

Badges

🥇 Trended No. 1📈 Trended📈 Score: 7,660👾 Exploit Exists🟡 Public PoC📰 News Worthy

What is CVE-2025-9074?

CVE-2025-9074 is a vulnerability found in Docker Desktop, a popular application used for developing, shipping, and running applications within containers. The primary purpose of Docker Desktop is to provide an easy way to manage Docker containers on desktops, thereby streamlining development workflows. This vulnerability allows local running Linux containers to gain unauthorized access to the Docker Engine API through the preconfigured Docker subnet. It affects configurations regardless of whether Enhanced Container Isolation (ECI) or the option to expose the daemon on a TCP socket without TLS is enabled.

The implications of this vulnerability are significant. Attackers exploiting this flaw could execute a wide range of privileged commands via the Docker Engine API—these actions include managing existing containers, creating new containers, and altering images. Furthermore, under certain circumstances, such as when operating Docker Desktop for Windows with a Windows Subsystem for Linux (WSL) backend, attackers might also gain the ability to mount the host drive with the same permissions as the user running Docker Desktop. This level of access poses considerable risks to system integrity and confidentiality within an organization.

Potential impact of CVE-2025-9074

  1. Unauthorized Access and Control: The vulnerability may enable malicious actors to gain control over the Docker Engine API, allowing them to manipulate existing containers, potentially executing arbitrary commands or disrupting services.

  2. Data Exposure: With the capability to mount the host drive with user privileges, attackers could gain access to sensitive data stored on the host system, leading to potential data breaches and loss of confidentiality.

  3. Operational Disruption: By exploiting this vulnerability, attackers could disrupt the operations of applications that rely on Docker containers, leading to downtime or degraded performance, which in turn affects business operations and customer satisfaction.

Affected Version(s)

Docker Desktop Windows 4.25 < 4.44.3

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-9074
Created by j3r1ch0123

News Articles

favicon imageThe Hacker News

Docker Fixes CVE-2025-9074, Critical Container Escape Vulnerability With CVSS Score 9.3

Docker patched CVE-2025-9074 (CVSS 9.3), a flaw enabling container escape via unauthenticated API, risking host takeover.

3 weeks ago

favicon imageBleepingComputer

Critical Docker Desktop flaw lets attackers hijack Windows hosts

A critical vulnerability in Docker Desktop for Windows and macOS allows compromising the host by running a malicious container, even if the Enhanced Container Isolation (ECI) protection is active.

3 weeks ago

References

https://docs.docker.com/desktop/release-notes/#4443

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • 🥇

    Vulnerability reached the number 1 worldwide trending spot

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • 📰

    First article discovered by BleepingComputer

  • 📈

    Vulnerability started trending

  • Vulnerability published

  • Vulnerability Reserved

Credit

Felix Boulet
zer0x64 (Philippe Dugre)
.
CVE-2025-9074 : Docker Desktop Vulnerability Allows Unauthorized Access to Docker Engine API