Docker · Docker Desktop · CVE-2025-9164
**Name of the Vulnerable Software and Affected Versions**
Docker Desktop versions through 4.48.0
**Description**
Docker Desktop Installer.exe is vulnerable to DLL hijacking because of an insecure DLL search order. The installer searches the user's Downloads folder for the DLLs it needs before it checks system directories. A local attacker who places a malicious DLL in the Downloads directory can therefore potentially gain elevated privileges.
**Recommendations**
Update Docker Desktop to a version newer than 4.48.0.
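
A pre-install check for the condition described above, as an added example that is not part of the original advisory or Docker's own tooling: it lists every DLL in the folder an installer would be launched from, with its Authenticode status and hash, so unexpected files can be reviewed first. The function name `Get-DownloadsDll` is hypothetical, and the default path assumes the Downloads folder has not been redirected.

```powershell
# Added example: audit DLL files sitting in the folder an installer is run from.
# Assumption: installers are saved to the default per-user Downloads folder.
param(
    [string]$Directory = (Join-Path $env:USERPROFILE 'Downloads')
)

function Get-DownloadsDll {
    # Hypothetical helper name; uses only built-in cmdlets.
    param([Parameter(Mandatory)][string]$Path)

    # Non-recursive on purpose: the search-order issue concerns DLLs in the
    # same directory as the installer. -Force also returns hidden files.
    Get-ChildItem -LiteralPath $Path -Filter '*.dll' -File -Force -ErrorAction Stop |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            [pscustomobject]@{
                Name          = $_.Name
                LastWriteTime = $_.LastWriteTime
                Signature     = $sig.Status
                Signer        = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                SHA256        = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
}

$found = @(Get-DownloadsDll -Path $Directory)

if ($found.Count -eq 0) {
    Write-Output "No DLL files found in $Directory."
} else {
    # Any DLL here deserves a look; unsigned or invalidly signed ones first.
    Write-Warning "$($found.Count) DLL file(s) in ${Directory}: review before running an installer from this folder."
    $found | Sort-Object Signature, Name | Format-Table -AutoSize
}
```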