PT-2025-39690 · Docker · Docker Desktop

Published: 2025-09-26 · Updated: 2025-09-26 · CVE-2025-10657

CVSS v4.0: 8.7 (High)
Vector: AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Name of the Vulnerable Software and Affected Versions: Docker Desktop version 4.46.0

Description: A software bug in Docker Desktop caused the configuration for restricting commands to be ignored when it was passed to Enhanced Container Isolation (ECI). This granted excessive privileges by permitting unrestricted access to powerful Docker commands. The issue specifically affects users of Docker Desktop 4.46.0 with ECI enabled and with containers explicitly allowed to mount the Docker socket. The command restrictions feature, designed to limit the commands that may be issued on the Docker socket, was not functioning as intended. ECI is a security feature that enhances container isolation.

Recommendations: Update to a newer version that contains a fix for this vulnerability.

Fix

Weakness Enumeration: Improper Privilege Management

Related Identifiers: CVE-2025-10657

Affected Products: Docker Desktop