A critical vulnerability in Docker Desktop allows attackers to control containers, mount the host’s file system, and modify it to escalate their privileges to those of an administrator.
Tracked as CVE-2025-9074 (CVSS score of 9.3), the flaw is a container escape issue that impacts the Windows and macOS iterations of the application.
“A malicious container running on Docker Desktop could access the Docker Engine and launch additional containers without requiring the Docker socket to be mounted. This could allow unauthorized access to user files on the host system,” Docker notes in its advisory.
The security defect can be triggered regardless of whether Enhanced Container Isolation (ECI) is enabled or not. Patches for the bug were included in Docker Desktop version 4.44.3.
The vulnerability, security researcher Felix Boulet explains, exists because, in the vulnerable application versions, any container can access Docker’s internal HTTP API without authentication.
This, Boulet says, allows an attacker to connect to the API using the internal IP address, create and start a privileged container, and then mount the host’s file system, gaining full access to the host.
The Docker Engine socket, which is the management API for Docker, should not be exposed to untrusted code or users, as it “grants full access to everything the docker application can do”, white-hat hacker Philippe Dugre says.
On Windows, he explains, an attacker could exploit the flaw to mount the host’s file system and overwrite a system DLL to obtain administrative privileges on the host.
The macOS version of the application can be exploited to take full control of other containers, or to backdoor the Docker app by mounting and modifying its configuration.
“On macOS, however, the Docker Desktop application still has a layer of isolation and trying to mount a user directory prompts the user for permission. By default, the docker application does not have access to the rest of the filesystem and does not run with administrative privileges,” Dugre notes.
He also warns that CVE-2025-9074 is very easy to exploit, although it requires that the Docker engine runs on Windows or macOS (most production systems run Linux) and that the attacker has access to the socket.
The attacker can either use a malicious container to mount the attack, or rely on a server-side request forgery (SSRF) attack, proxying requests through a vulnerable application.
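A defender-side check to accompany the chain Boulet describes, added here and not taken from the article, Docker or the researchers: given the JSON that `docker inspect` emits for running containers, flag any container that is both privileged and bind-mounts the host's filesystem root, which is the state a successful escape leaves behind. The container records are constructed samples, and the Windows drive-root pattern is an assumption about how such a mount would be recorded.

```python
import json
import re

# Constructed sample records in the shape of `docker inspect` output.
SAMPLE_INSPECT = json.dumps([
    {
        "Id": "aaa111",
        "Name": "/web",
        "HostConfig": {"Privileged": False, "Binds": ["webdata:/var/www"]},
        "Mounts": [{"Type": "volume", "Source": "webdata", "Destination": "/var/www"}],
    },
    {
        "Id": "bbb222",
        "Name": "/suspicious",
        "HostConfig": {"Privileged": True, "Binds": ["/:/mnt/host"]},
        "Mounts": [{"Type": "bind", "Source": "/", "Destination": "/mnt/host"}],
    },
])

# A bind Source of "/" is the Linux/macOS host root; "C:\" (assumed form) a Windows drive root.
HOST_ROOT = re.compile(r"^(/|[A-Za-z]:\\?)$")


def host_root_binds(container):
    """Return the in-container destinations of bind mounts whose Source is a host root."""
    return [
        m.get("Destination")
        for m in container.get("Mounts", [])
        if m.get("Type") == "bind" and HOST_ROOT.match(m.get("Source", ""))
    ]


def flag_escape_candidates(inspect_json):
    """Return (name, id, destinations) for containers that are privileged AND
    bind-mount a host root. Either property alone is common and often
    legitimate; together they match the post-exploitation state described above."""
    findings = []
    for c in json.loads(inspect_json):
        privileged = c.get("HostConfig", {}).get("Privileged", False)
        roots = host_root_binds(c)
        if privileged and roots:
            findings.append((c.get("Name", "").lstrip("/"), c.get("Id"), roots))
    return findings


if __name__ == "__main__":
    for name, cid, dests in flag_escape_candidates(SAMPLE_INSPECT):
        print(f"ALERT {name} ({cid}): privileged container with host root mounted at {dests}")
```

Feed it `docker inspect $(docker ps -q)` on a Docker Desktop host to run the same check against live containers.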