Docker Desktop Vulnerability Leads to Host Compromise

A critical vulnerability (CVE-2025-9074) in Docker Desktop allows attackers to escape containers, access host files, and escalate privileges on Windows and macOS. The flaw can be exploited by unauthorized containers via Docker’s internal HTTP API, but it has been patched in version 4.44.3.

Key points

  • The vulnerability affects Docker Desktop on Windows and macOS, with a high CVSS score of 9.3.
  • Attackers can access the Docker Engine’s internal HTTP API without authentication, leading to host file system modifications.
  • The flaw allows mounting the host’s file system, potentially granting administrative privileges or controlling other containers.
  • Patches were released in Docker Desktop version 4.44.3 to fix the issue.
  • Exploitation requires the attacker to have access to the Docker socket or run malicious containers on vulnerable systems.
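
A fleet check against the patched release named above, as an added example that is not part of the original article or Docker's own tooling. It assumes the `Server: Docker Desktop X.Y.Z (build)` header that `docker version` prints on Docker Desktop hosts; the host names and outputs are constructed samples.

```python
import re

PATCHED = (4, 44, 3)  # fixed Docker Desktop release named in the article

# Assumed format of the server header in `docker version` output when the
# engine is provided by Docker Desktop (Windows/macOS).
_DESKTOP_RE = re.compile(
    r"^Server:\s*Docker Desktop\s+(\d+)\.(\d+)\.(\d+)", re.MULTILINE
)


def desktop_version(docker_version_output):
    """Return (major, minor, patch), or None if there is no Desktop header."""
    m = _DESKTOP_RE.search(docker_version_output)
    return tuple(int(part) for part in m.groups()) if m else None


def assess(docker_version_output):
    """Classify one host: 'vulnerable', 'patched' or 'not-docker-desktop'."""
    ver = desktop_version(docker_version_output)
    if ver is None:
        return "not-docker-desktop"
    # Compare as integer tuples: as strings, "4.9.1" would sort after "4.44.3".
    return "patched" if ver >= PATCHED else "vulnerable"


# Constructed `docker version` excerpts, one per hypothetical host.
SAMPLES = {
    "mac-laptop": "Client:\n Version: 28.3.2\n\nServer: Docker Desktop 4.43.2 (100001)\n Engine:\n",
    "win-build": "Client:\n Version: 28.3.3\n\nServer: Docker Desktop 4.44.3 (100002)\n Engine:\n",
    "old-mac": "Client:\n Version: 20.10.16\n\nServer: Docker Desktop 4.9.1 (100003)\n Engine:\n",
    "linux-ci": "Client:\n Version: 28.3.2\n\nServer: Docker Engine - Community\n Engine:\n",
}


def audit(samples):
    """Map each host name to its assessment."""
    return {host: assess(output) for host, output in samples.items()}


if __name__ == "__main__":
    for host, verdict in audit(SAMPLES).items():
        print(f"{host}: {verdict}")
```

In practice the input would be the collected output of `docker version` from each workstation; hosts reported as `vulnerable` need the upgrade to 4.44.3 or later.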

Read More: https://www.securityweek.com/docker-desktop-vulnerability-leads-to-host-compromise/