CVE-2025-9074

Name of the Vulnerable Software and Affected Versions Docker Desktop versions prior to 4.44.3

Description A critical vulnerability exists in Docker Desktop that allows local Linux containers to access the Docker Engine API via the configured Docker subnet (defaulting to 192.168.65.7:2375). This issue occurs regardless of Enhanced Container Isolation (ECI) being enabled or disabled, and whether the "Expose daemon on tcp://localhost:2375 without TLS" option is enabled. Successful exploitation can lead to the execution of privileged commands on the API, including controlling containers, creating new ones, and managing images. On Windows systems with a WSL backend, this can also allow mounting the host drive with the same privileges as the user running Docker Desktop. The vulnerability is due to an unauthenticated HTTP API being accessible from within any container. This allows an attacker to potentially gain full control of the host system. The Linux version is less susceptible due to the use of named pipes instead of TCP sockets for API communication.

Recommendations Update Docker Desktop to version 4.44.3 or later.