Docker Releases Patch for CVE-2025-9074 Vulnerability in Docker Desktop

310/68 Wednesday, August 27, 2025

Docker has released a security update to address a critical vulnerability, CVE-2025-9074, with a CVSS score of 9.3, affecting Docker Desktop on both Windows and macOS. The flaw allows attackers to perform a container escape, gaining unauthorized access from within a container to the host system. The vulnerability has been fixed in Docker Desktop version 4.44.3.

Technical Details

Security researcher Felix Boulet explained that the vulnerability stems from the fact that containers could access the Docker Engine API at 192.168.65[.]7:2375 without authentication. This allows a malicious container to escalate privileges and access files on the host. In a proof-of-concept (PoC), it was demonstrated that simply sending a web request from a container could be used to spawn a new container and bind the host’s drive (e.g., C:\), enabling read/write access to host files.

Notably, this issue bypasses Enhanced Container Isolation (ECI). Researcher Philippe Dugré (zer0x64) from PVOTAL Technologies added that on Windows, attackers can achieve administrator-level privileges by mounting the host’s file system. On macOS, although there is an extra protection layer (such as requiring user consent to access specific directories), attackers can still control the Docker application and containers, even placing backdoors by modifying configuration files that do not require elevated permissions.

Docker Desktop on Linux is not affected, as it uses a named pipe instead of a TCP socket for Docker Engine API communications.

Exploitation Risk and Recommendations

Researchers warn that the vulnerability is easily exploitable, either through the creation of malicious containers or via Server-Side Request Forgery (SSRF) attacks to reach the Docker socket API. Docker strongly advises all users to update to the latest version immediately to mitigate the risk of exploitation, as successful attacks could lead to sensitive data exposure and full host system compromise.
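
A way to confirm, after updating, whether the unauthenticated Engine API described above still answers from inside a container. This is an added example, not code from the advisory, the researchers or Docker; the function names and the choice of the `/_ping` health endpoint are this example's, and it is meant to be run in a container on a host you administer.

```python
import http.client
import sys

# Address and port as given in the advisory (defanged there).
ENGINE_HOST = "192.168.65.7"
ENGINE_PORT = 2375


def classify_ping(status, body, api_version):
    """Decide what answered GET /_ping.

    A Docker daemon replies 200 with body "OK" and an Api-Version header.
    """
    if status == 200 and body.strip() == b"OK" and api_version:
        return "exposed"
    return "other-service"


def probe_engine_api(host=ENGINE_HOST, port=ENGINE_PORT, timeout=3.0):
    """Return (verdict, detail) for an unauthenticated GET /_ping.

    /_ping is the Engine API's read-only health endpoint; nothing is created
    or changed on the daemon.
    """
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/_ping")
        resp = conn.getresponse()
        body = resp.read(64)
        api_version = resp.getheader("Api-Version")
    except (OSError, http.client.HTTPException) as exc:
        # Refused, filtered, timed out, or not speaking HTTP.
        return "unreachable", f"{type(exc).__name__}: {exc}"
    finally:
        conn.close()
    verdict = classify_ping(resp.status, body, api_version)
    return verdict, f"HTTP {resp.status}, Api-Version={api_version}"


if __name__ == "__main__":
    verdict, detail = probe_engine_api()
    print(f"{ENGINE_HOST}:{ENGINE_PORT} -> {verdict} ({detail})")
    # Non-zero exit lets a fleet or CI job flag the host for the update.
    sys.exit(1 if verdict == "exposed" else 0)
```

An `exposed` verdict means containers on that host can reach the API without authentication, so check that Docker Desktop is at version 4.44.3 or later.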

Source https://thehackernews.com/2025/08/docker-fixes-cve-2025-9074-critical.html