Ethical Hacking News

Critical Vulnerability Exposed in Docker Desktop: The Devastating Consequences on Windows Hosts



A critical vulnerability in Docker Desktop for Windows and macOS allows compromising the host by running a malicious container, even if the Enhanced Container Isolation (ECI) protection is active. Patching your system now can prevent unauthorized access to sensitive files and maintain system security.

  • Docker Desktop for Windows and macOS has a critical vulnerability (CVE-2025-9074) that allows attackers to hijack hosts.
  • The vulnerability is a server-side request forgery (SSRF) exploit that can bypass Enhanced Container Isolation (ECI) protection.
  • An attacker can access user files on the host system without code execution rights.
  • The vulnerability affects Docker Desktop for Windows and macOS, but not the Linux version.
  • Docker has released a patch to address the vulnerability in version 4.44.3.
  • Users who rely on Docker Desktop must take immediate action to patch their systems and prevent unauthorized access to sensitive files.



Docker, a popular containerization platform, has recently been rocked by a critical vulnerability that allows attackers to hijack Windows hosts. This devastating flaw has left cybersecurity experts and users alike scrambling to patch their systems before it's too late.

The vulnerability, identified as CVE-2025-9074, is a server-side request forgery (SSRF) flaw in Docker Desktop for Windows and macOS. According to Docker's own bulletin, a malicious container can access the Docker Engine and launch additional containers without requiring the Docker socket to be mounted. This means that even with Enhanced Container Isolation (ECI) protection enabled, an attacker can still gain unauthorized access to user files on the host system.

Security researcher and bug bounty hunter Felix Boulet discovered this vulnerability after conducting extensive research into Docker's API. Boulet found that the Docker Engine API could be reached without authentication at 'http://192.168.65.7:2375/' from inside any running container. This allowed him to create a proof-of-concept (PoC) exploit that creates and starts a new container which binds the Windows host's C: drive into the container's filesystem, using just two wget HTTP POST requests.
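A defender-side check for the two facts above, as an added example (not Docker's, the researcher's, or the article's code): it confirms whether an installed Docker Desktop is at or above the 4.44.3 fix release, and, when run from inside a container, whether the Engine API at the internal address named in the article answers an unauthenticated `/_ping`. The version string is assumed to be copied from the Docker Desktop About dialog; the script does nothing beyond that single read-only ping.

```python
"""Defender-side checks for the CVE-2025-9074 exposure in Docker Desktop:
is the install at or above the 4.44.3 fix release, and does the Engine API
answer an unauthenticated ping on the article's internal address when
probed from a container. Added example, not Docker's or the article's code."""
import sys
import urllib.request

ENGINE_API = "http://192.168.65.7:2375"   # address quoted in the article
PATCHED_VERSION = (4, 44, 3)              # Docker's fix release

def parse_version(text):
    """Extract the first dotted version from text such as the Docker Desktop
    About dialog ('Docker Desktop 4.44.3 (123456)') as a tuple of ints."""
    for token in text.split():
        parts = token.strip("()v,").split(".")
        if len(parts) >= 2 and all(p.isdigit() for p in parts):
            return tuple(int(p) for p in parts)
    raise ValueError("no version number found in %r" % text)

def version_is_patched(text, fixed=PATCHED_VERSION):
    """True when the version in text is 4.44.3 or later (tuple comparison,
    so a two-part '4.45' still sorts correctly against the fix release)."""
    return parse_version(text) >= fixed

def engine_api_reachable(base_url=ENGINE_API, timeout=2.0):
    """True if GET /_ping on the Engine API returns 'OK' with no credentials.
    Run inside a container on the Docker Desktop host: True means the API is
    reachable unauthenticated, the condition the vulnerability abuses. Any
    network failure (refused, timeout, unresolvable, HTTP error) is False."""
    try:
        with urllib.request.urlopen(base_url.rstrip("/") + "/_ping",
                                    timeout=timeout) as resp:
            return resp.status == 200 and resp.read(16).strip() == b"OK"
    except Exception:
        return False

if __name__ == "__main__":
    # Usage (inside a container): python check.py "Docker Desktop 4.44.2 (123456)"
    version_text = sys.argv[1] if len(sys.argv) > 1 else ""
    try:
        patched = version_is_patched(version_text)
    except ValueError:
        patched = None  # version not supplied or not parseable
    exposed = engine_api_reachable()
    print("Docker Desktop at or above 4.44.3:", patched)
    print("Engine API reachable unauthenticated from here:", exposed)
    if exposed or patched is False:
        print("Action: update Docker Desktop to 4.44.3 or later.")
```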

In a chilling twist, Boulet's PoC exploit did not require code execution rights inside the container. This means that even if an attacker does not have administrative privileges on the system, they can still use this vulnerability to gain access to sensitive files and escalate their privileges.

Philippe Dugre, a DevSecOps engineer at Pvotal Technologies and challenge designer for the NorthSec cybersecurity conference, confirmed that the vulnerability affected Docker Desktop for Windows and macOS but not the Linux version. While he noted that the vulnerability is less dangerous on macOS due to safeguards in the operating system, he also warned that there is still room for malicious activity even on macOS.

"On Windows, since the Docker Engine runs via WSL2, the attacker can mount as an administrator the entire filesystem, read any sensitive file, and ultimately overwrite a system DLL to escalate the attacker to administrator of the host system," Dugre explained. "On MacOS, however, the Docker Desktop application still has a layer of isolation and trying to mount a user directory prompts the user for permission. By default, the docker application does not have access to the rest of the filesystem and does not run with administrative privileges, so the host is a lot safer than in the Windows case."

However, Dugre also cautioned that an attacker has complete control over the Docker Desktop application and its containers, which creates the risk of backdooring or modifying the configuration without any permission prompt. This means that even on macOS, where the vulnerability might seem less severe, there is still a significant threat to system security.

The good news is that Docker responded quickly to this vulnerability, releasing a new version of Docker Desktop (4.44.3) in recent days. This patch addresses the SSRF flaw and provides users with much-needed protection against it.

In light of this critical vulnerability, it is essential for users who rely on Docker Desktop for their daily operations to take immediate action. Patching their systems as soon as possible will be crucial in preventing unauthorized access to sensitive files and maintaining system security.

Summary:

A critical vulnerability has been exposed in Docker Desktop that allows attackers to hijack Windows hosts by exploiting a server-side request forgery (SSRF) flaw, known as CVE-2025-9074. This vulnerability can lead to significant consequences, including unauthorized access to user files on the host system and escalation of privileges. Fortunately, Docker has released an update to patch this vulnerability, urging users to take immediate action to protect their systems.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/Critical-Vulnerability-Exposed-in-Docker-Desktop-The-Devastating-Consequences-on-Windows-Hosts-ehn.shtml

  • Published: Mon Aug 25 10:45:36 2025 by llama3.2 3B Q4_K_M
    © Ethical Hacking News . All rights reserved.