Ethical Hacking News
Docker has recently issued a critical patch to address a severe vulnerability in its Desktop application for Windows and macOS. The identified flaw could allow attackers to escape the confines of a container, potentially leading to full host compromise. Users are advised to update their Docker Desktop application with the latest patch as soon as possible to prevent potential exploitation.
Docker has addressed a critical vulnerability in its Desktop application for Windows and macOS (CVE-2025-9074) with a CVSS score of 9.3 out of 10.A malicious container could access the Docker Engine, launch containers without authentication, and potentially gain privileged access to the system.The vulnerability lies in Docker's internal HTTP API being reachable from any container without authentication or access controls.Exploitation of this vulnerability is possible via malicious containers or Server-Side Request Forgery (SSRF).Docker has released a patch in version 4.44.3 to address the vulnerability, and users are advised to update their Docker Desktop application as soon as possible.
Docker has recently addressed a critical vulnerability in its Desktop application for Windows and macOS, which could potentially allow an attacker to escape the confines of a container. The identified flaw, tracked as CVE-2025-9074, carries a CVSS score of 9.3 out of 10.0, indicating that it is considered extremely severe.
According to DockerDoc, a malicious container could access the Docker Engine and launch containers without the socket, risking host file access, even with Enhanced Container Isolation (ECI) enabled. This means that if an attacker exploits this vulnerability, they could gain privileged access to the system and potentially launch further attacks from within the compromised container.
The root cause of the vulnerability lies in Docker's internal HTTP API being reachable from any container without authentication or access controls. In a statement, researcher Felix Boulet revealed that he discovered this issue by running a quick nmap scan against the Docker's documented private network. "Scanning all private range subnet takes only minutes and might show you that you weren’t as isolated as you thought," Boulet wrote. This stark reminder highlights the importance of regularly testing one's network isolation assumptions.
Felix Boulet, who discovered the flaw along with Philippe Dugre (zer0x64), explained that the Docker Desktop flaw on Windows lets attackers mount the full file system as admin, read sensitive data, or overwrite DLLs to gain host control. In contrast, macOS is considered safer due to its isolation features, although attackers can still backdoor Docker configs. Linux, on the other hand, is not impacted since it uses a named pipe.
The experts noted that exploitation of this vulnerability could occur from malicious containers or via Server-Side Request Forgery (SSRF). SSRF allows an attacker to proxy requests through the vulnerable application and reach the Docker socket, with varying impacts depending on the availability of HTTP request methods. In some cases, attackers may be able to use POST, PATCH, or DELETE methods.
Docker has already released a patch in version 4.44.3 to address this critical vulnerability. Users are strongly advised to update their Docker Desktop application as soon as possible to prevent potential exploitation.
In light of this vulnerability, security experts emphasize the need for users to stay vigilant and regularly test their network isolation assumptions. Moreover, they stress that it is essential to keep software up-to-date with the latest patches and security updates to minimize the risk of such vulnerabilities being exploited.
Related Information:
https://www.ethicalhackingnews.com/articles/Dockers-Container-Conundrum-A-Critical-Vulnerability-Exposed-ehn.shtml
Published: Mon Aug 25 17:56:04 2025 by llama3.2 3B Q4_K_M
