PT-2025-18104 · Docker · Docker Desktop

Credit: Abdelhamid Naceri +1
Published: 2024-09-03 · Updated: 2025-04-29
CVE-2025-3224
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Docker Desktop for Windows, versions prior to 4.41.0
Description: A vulnerability in the update process of Docker Desktop for Windows could allow a local, low-privileged attacker to escalate privileges to SYSTEM. During an update, Docker Desktop deletes files and subdirectories under the path C:\ProgramData\Docker\config with high privileges. However, this directory often does not exist by default, and C:\ProgramData allows normal users to create new directories. By creating a malicious Docker\config folder structure at this location, an attacker can redirect the privileged deletion (the "Link Following" weakness tagged below: a reparse point such as a directory junction placed in the attacker-created tree) so that the update process deletes or manipulates arbitrary system files, leading to Elevation of Privilege.
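The bug class described above, as an added, constructed example that is not Docker Desktop's code: a privileged "clean up everything under this path" routine run against a path a low-privileged user was able to pre-create. On Windows the attacker plants a directory junction (a reparse point) under C:\ProgramData; this simulation models the junction with a symbolic link so it runs on any OS, and uses a throw-away temporary tree in place of C:\ProgramData and a system directory. The vulnerable routine walks with link-following enabled; the hardened routine checks with lstat, refuses a linked top path, never descends into linked subdirectories, and unlinks links rather than their targets. All paths, file names and the `attacker_plant`, `vulnerable_cleanup`, `hardened_cleanup` and `run_demo` helpers are assumptions of this example.

```python
import os
import stat
import tempfile
from pathlib import Path


def is_link_or_reparse_point(path) -> bool:
    """lstat-based check: true for a symlink on any OS and, on Windows, for any
    reparse point (junction / mount point), which S_ISLNK does not report."""
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        return True
    attrs = getattr(st, "st_file_attributes", 0)
    return bool(attrs & getattr(stat, "FILE_ATTRIBUTE_REPARSE_POINT", 0))


def attacker_plant(program_data: Path, victim_dir: Path) -> Path:
    """Low-privileged user pre-creates <ProgramData>/Docker/config, which the
    privileged updater assumes it owns, as a link to a directory the user could
    never delete itself (a junction on Windows; a symlink in this simulation)."""
    docker_dir = program_data / "Docker"
    docker_dir.mkdir(parents=True)
    config = docker_dir / "config"
    os.symlink(victim_dir, config, target_is_directory=True)
    return config


def vulnerable_cleanup(config: Path) -> list:
    """The bug pattern: delete everything under config while following links.
    os.walk opens the *top* path through a link regardless of followlinks, so a
    check before walking is what is missing here."""
    removed = []
    for root, _dirs, files in os.walk(config, topdown=False, followlinks=True):
        for name in files:
            target = os.path.join(root, name)
            os.remove(target)              # lands in the victim directory
            removed.append(target)
    return removed


def hardened_cleanup(config: Path) -> list:
    """Never delete through a link: refuse a linked top path, do not descend into
    linked subdirectories, and remove links themselves rather than their targets."""
    removed = []
    if not os.path.lexists(config):
        return removed                     # nothing to clean; do not create it
    if is_link_or_reparse_point(config):
        raise PermissionError(f"refusing to clean through a link: {config}")
    for root, dirs, files in os.walk(config, topdown=False, followlinks=False):
        for name in files:
            p = os.path.join(root, name)
            os.unlink(p)                   # removes a file link, not its target
            removed.append(p)
        for name in dirs:
            p = os.path.join(root, name)
            if is_link_or_reparse_point(p):
                # Windows removes a directory link/junction with rmdir; POSIX with unlink
                os.rmdir(p) if os.name == "nt" else os.unlink(p)
            else:
                os.rmdir(p)                # already emptied thanks to topdown=False
    return removed


def run_demo() -> dict:
    """Constructed scenario: a throw-away 'ProgramData' tree and a victim directory
    standing in for a system directory. Returns what each cleanup left behind."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        victim = tmp / "victim_system_dir"
        victim.mkdir()

        def reseed():                      # constructed sample file in the victim dir
            (victim / "important.dll").write_bytes(b"MZ")

        # 1. Planted link, vulnerable updater: the victim's file is gone.
        reseed()
        link = attacker_plant(tmp / "ProgramData1", victim)
        vulnerable_cleanup(link)
        after_vulnerable = sorted(p.name for p in victim.iterdir())

        # 2. Planted link, hardened updater: refuses, victim untouched.
        reseed()
        link = attacker_plant(tmp / "ProgramData2", victim)
        try:
            hardened_cleanup(link)
            refused = False
        except PermissionError:
            refused = True
        after_hardened = sorted(p.name for p in victim.iterdir())

        # 3. Genuine config dir containing a nested link: hardened cleanup empties
        #    the config dir and removes the link itself, but nothing behind it.
        config = tmp / "ProgramData3" / "Docker" / "config"
        (config / "cache").mkdir(parents=True)
        (config / "settings.json").write_text("{}")
        (config / "cache" / "blob").write_bytes(b"\x00")
        os.symlink(victim, config / "evil", target_is_directory=True)
        hardened_cleanup(config)
        after_legit = sorted(p.name for p in config.iterdir())
        victim_after_legit = sorted(p.name for p in victim.iterdir())
    return {
        "victim_after_vulnerable": after_vulnerable,
        "hardened_refused": refused,
        "victim_after_hardened": after_hardened,
        "config_after_hardened": after_legit,
        "victim_after_legit_cleanup": victim_after_legit,
    }


if __name__ == "__main__":
    print(run_demo())
```

The lstat check in `hardened_cleanup` is still a check-then-act sequence, so a local attacker who can race the updater can swap a real directory for a junction between the check and the delete; it stops the plant-and-wait attack the description covers, but the robust fix is for the privileged component not to operate on a path unprivileged users can create at all (or to open each entry with reparse-point-aware flags on Windows) rather than to validate such a path after the fact.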
Recommendations: For versions prior to 4.41.0, update to version 4.41.0 or later to resolve the issue. As a temporary workaround until the update is applied, prevent non-administrative users from creating the Docker\config path under C:\ProgramData, for example by pre-creating C:\ProgramData\Docker with an ACL that allows only Administrators and SYSTEM to write to it; restricting C:\ProgramData itself, as a broader form of the same workaround, may break other software that stores data there. Before running the vulnerable updater on a machine that untrusted local users can log on to, verify that C:\ProgramData\Docker\config is either absent or a genuine directory (not a junction or other reparse point) owned by an administrator.

Tags: Fix · LPE

Weakness Enumeration

Improper Privilege Management (CWE-269)
Improper Link Resolution Before File Access ('Link Following') (CWE-59)

Related Identifiers

BDU:2025-09068
CVE-2025-3224

Affected Products

Docker Desktop