- Researchers find a 9.3/10 flaw in Docker Desktop for Windows and macOS
- The flaw allows threat actors to compromise the underlying hosts and tamper with data
- A fix was released quickly, so users should patch now
Docker has patched a critical-severity vulnerability in its desktop application for Windows and macOS, which could have allowed threat actors to completely take over vulnerable hosts, exfiltrate sensitive data and more.
The vulnerability is described as a server-side request forgery (SSRF) and, according to the NVD, “allows local Linux containers to access the Docker Engine API through the configured Docker subnet.”
“A malicious container running in Docker Desktop could access the Docker Engine and launch additional containers without requiring the Docker socket to be mounted,” Docker said in a follow-up security notice. “This could allow unauthorized access to user files on the host system. Enhanced Container Isolation (ECI) does not mitigate this vulnerability.”
Not all systems are affected in the same way
The flaw was discovered and reported by security researcher Felix Boulet. It is now tracked as CVE-2025-9074 and was given a severity score of 9.3/10 (critical).
However, a separate researcher, Philippe Dugre, emphasized that the risk is not the same on all platforms, pointing out that it is actually higher on Windows than on macOS.
This is due to safeguards built into the macOS operating system. Dugre managed to create a file in the user’s home directory on Windows, but not on macOS:
“On Windows, since the Docker Engine runs through WSL2, the attacker can mount the entire file system as administrator, read any sensitive file and, ultimately, overwrite a system DLL to escalate the attacker to host system administrator,” Dugre explained.
“However, on macOS, the Docker Desktop application still has an isolation layer, and trying to mount a user directory asks the user for permission. By default, the Docker application does not have access to the rest of the file system and does not run with administrative privileges, so the host is much safer than in the Windows case,” he added.
Docker fixed the issue in Docker Desktop version 4.44.3, so users are advised to update as soon as possible.
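Because the only mitigation the article names is the 4.44.3 update (ECI does not help), the practical check for a fleet is "which machines still run an older Docker Desktop?". The following script is an added example, not code from the article, Docker or the researchers: it parses the Docker Desktop version string and compares it numerically against 4.44.3, avoiding the string-comparison trap where "4.5.0" sorts above "4.44.3". The `docker version` Go template `{{.Server.Platform.Name}}` and the sample strings are assumptions made for the example; plain Docker Engine on Linux is reported as out of scope, since the CVE concerns Docker Desktop only.

```python
import re
import subprocess
from typing import Optional, Tuple

# Fixed release named in the article for CVE-2025-9074.
FIXED_VERSION: Tuple[int, int, int] = (4, 44, 3)


def parse_desktop_version(platform_name: str) -> Optional[Tuple[int, int, int]]:
    """Extract (major, minor, patch) from a Docker Desktop platform name.

    Constructed example input: "Docker Desktop 4.44.2 (205005)".
    Returns None for anything that is not Docker Desktop, e.g. a plain
    "Docker Engine - Community" daemon on a Linux server.
    """
    match = re.search(r"Docker Desktop (\d+)\.(\d+)\.(\d+)", platform_name)
    if not match:
        return None
    major, minor, patch = (int(part) for part in match.groups())
    return (major, minor, patch)


def is_vulnerable(version: Tuple[int, int, int]) -> bool:
    """True when the installed Docker Desktop predates the 4.44.3 fix.

    Tuple comparison is element-wise on integers, so 4.5.0 is correctly
    ranked below 4.44.3 (a naive string compare would get this wrong).
    """
    return version < FIXED_VERSION


def classify(platform_name: str) -> str:
    """Map a platform-name string to one of three audit outcomes."""
    version = parse_desktop_version(platform_name)
    if version is None:
        return "not-docker-desktop"
    return "vulnerable" if is_vulnerable(version) else "patched"


def check_installed() -> str:
    """Query the local daemon and classify it.

    Assumption: the `docker` CLI is on PATH and supports the Go template
    `{{.Server.Platform.Name}}`. Any failure to reach the daemon is reported
    as "unknown" rather than treated as safe.
    """
    try:
        result = subprocess.run(
            ["docker", "version", "--format", "{{.Server.Platform.Name}}"],
            capture_output=True,
            text=True,
            timeout=15,
        )
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return "unknown"
    if result.returncode != 0:
        return "unknown"
    return classify(result.stdout.strip())


if __name__ == "__main__":
    # Constructed sample strings showing each outcome, then the live check.
    for sample in (
        "Docker Desktop 4.44.2 (205005)",
        "Docker Desktop 4.44.3 (205176)",
        "Docker Desktop 4.5.0 (74594)",
        "Docker Engine - Community",
    ):
        print(f"{sample!r}: {classify(sample)}")
    print("this machine:", check_installed())
```

Run it on each Windows or macOS workstation (or push it through your endpoint-management tool); anything reporting "vulnerable" needs the 4.44.3 update, and "unknown" should be followed up manually rather than assumed safe.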
Via BleepingComputer