Docker has issued security fixes for a critical vulnerability (CVE-2025-9074) in Docker Desktop for Windows and macOS, which could allow attackers to escape containers and access host files. The flaw, rated 9.3/10 on CVSS, stems from unauthenticated access to the Docker Engine API and poses a significant risk of full host compromise. #DockerDesktop #CVE-2025-9074
Key points
- The vulnerability affects Docker Desktop for Windows and macOS but not Linux due to architecture differences.
- An attacker can exploit the flaw using malicious containers to access or modify host system files without authentication.
- The security flaw stems from the Docker Engine API being accessible via TCP socket without proper access controls.
- On Windows, the vulnerability can allow full file system access and host system control, including privilege escalation.
- Docker has released version 4.44.3 to patch this critical security flaw and improve container isolation.
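To check a fleet against the key points above, the following added example (not from the article or from Docker) triages hosts by OS and Docker Desktop version. It assumes the `docker version` output contains a banner of the form "Server: Docker Desktop X.Y.Z (build)"; the inventory rows are constructed.

```python
import re

PATCHED = (4, 44, 3)                 # fixed Docker Desktop release named in the article
AFFECTED_OS = {"windows", "macos"}   # the article says Linux is not affected

# Assumed banner format: "Server: Docker Desktop 4.43.2 (199162)"
BANNER = re.compile(r"Docker Desktop\s+(\d+)\.(\d+)\.(\d+)")

def desktop_version(docker_version_output):
    """Return (major, minor, patch) from `docker version` text, or None."""
    m = BANNER.search(docker_version_output)
    return tuple(int(p) for p in m.groups()) if m else None

def triage(host_os, docker_version_output):
    """Classify one host against CVE-2025-9074 using only OS and version."""
    version = desktop_version(docker_version_output)
    if version is None:
        return "no-docker-desktop"
    if host_os.strip().lower() not in AFFECTED_OS:
        return "not-affected"
    # Tuple comparison is numeric per component, so 4.9.0 < 4.44.3;
    # a plain string comparison would rank "4.9.0" above "4.44.3".
    return "patched" if version >= PATCHED else "vulnerable"

def audit(inventory):
    """Map hostname -> status for (hostname, os, docker_version_output) rows."""
    return {host: triage(os_name, out) for host, os_name, out in inventory}

# Constructed inventory rows (hostnames, versions and build numbers are made up).
SAMPLE_INVENTORY = [
    ("dev-win-01", "Windows", "Server: Docker Desktop 4.43.2 (100001)\n Engine:\n"),
    ("dev-mac-02", "macOS",   "Server: Docker Desktop 4.44.3 (100002)\n Engine:\n"),
    ("dev-win-03", "Windows", "Server: Docker Desktop 4.9.0 (100003)\n Engine:\n"),
    ("dev-lnx-04", "Linux",   "Server: Docker Desktop 4.43.2 (100004)\n Engine:\n"),
    ("ci-lnx-05",  "Linux",   "Server: Docker Engine - Community\n Engine:\n"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status}")
```

A "vulnerable" result means the host should be updated to 4.44.3 or later; the check reads version strings only and does not probe the Engine API.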
Read More: https://thehackernews.com/2025/08/docker-fixes-cve-2025-9074-critical.html