A critical security vulnerability in Docker Desktop for Windows and macOS allows attackers to compromise the host system via malicious containers, even with Enhanced Container Isolation enabled. The flaw, identified as CVE-2025-9074, enables unauthorized access to the Docker Engine API and potential escalation of privileges on Windows and macOS systems. #DockerDesktop #CVE-2025-9074
Key points
- A critical vulnerability in Docker Desktop affects Windows and macOS, but not Linux systems.
- The flaw allows malicious containers to access the Docker Engine API without authentication.
- On Windows, attackers can mount the entire filesystem and escalate privileges via WSL2.
- On macOS, safeguards limit what an attacker can do, but risk remains because the attacker still controls the containers.
- The vulnerability has been patched in Docker Desktop version 4.44.3 after responsible disclosure.
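The practical follow-up to the last point is confirming that every Docker Desktop install is at or above the fixed release. The script below is an added example, not code from the article or from Docker; it assumes the `docker` CLI can reach the local daemon and that Docker Desktop reports its version in the `Server.Platform.Name` field as `Docker Desktop X.Y.Z (build)`. It compares that version against 4.44.3 and reports separately when the daemon is a plain Docker Engine (the Linux case the article says is not affected).

```shell
#!/bin/sh
# Added example (not from the original article): check whether the local
# Docker Desktop is at or above the release that fixes CVE-2025-9074.
# Assumptions: `docker` is on PATH and the platform name has the form
# "Docker Desktop X.Y.Z (build)".

PATCHED_VERSION="4.44.3"   # fixed release named in the article

# version_ge A B : exit 0 if dotted version A >= B, 1 otherwise.
# Missing components are treated as 0, so "4.44" < "4.44.3".
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            xi = (i <= n) ? x[i] + 0 : 0
            yi = (i <= m) ? y[i] + 0 : 0
            if (xi > yi) exit 0
            if (xi < yi) exit 1
        }
        exit 0
    }'
}

# extract_desktop_version NAME : print "X.Y.Z" from a Docker Desktop platform
# name, or nothing if NAME is not a Docker Desktop string.
extract_desktop_version() {
    printf '%s\n' "$1" | sed -n 's/^Docker Desktop \([0-9][0-9.]*\).*/\1/p'
}

# is_patched NAME : 0 = Desktop at/above the fix, 1 = Desktop below the fix,
# 2 = not Docker Desktop (e.g. Docker Engine on Linux, which is not affected).
is_patched() {
    v=$(extract_desktop_version "$1")
    [ -n "$v" ] || return 2
    version_ge "$v" "$PATCHED_VERSION"
}

# check_local : query the running daemon and print a one-line verdict.
check_local() {
    command -v docker >/dev/null 2>&1 || { echo "docker CLI not found"; return 2; }
    name=$(docker version --format '{{.Server.Platform.Name}}' 2>/dev/null) \
        || { echo "cannot reach the Docker daemon"; return 2; }
    is_patched "$name"
    rc=$?
    case "$rc" in
        0) echo "OK: '$name' is at or above $PATCHED_VERSION" ;;
        1) echo "UPDATE NEEDED: '$name' is below $PATCHED_VERSION (CVE-2025-9074)" ;;
        *) echo "Not Docker Desktop ('$name'); CVE-2025-9074 targets Desktop on Windows/macOS" ;;
    esac
    return "$rc"
}

# Run the live check only when invoked as `sh check_desktop.sh --check`;
# sourcing the file just defines the functions.
if [ "${1:-}" = "--check" ]; then
    check_local
fi
```

Run it as `sh check_desktop.sh --check` on each workstation; a non-zero exit from `check_local` is what an endpoint-management job should alert on, with exit status 1 meaning a vulnerable Desktop build and 2 meaning the host is not running Docker Desktop at all.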