Critical Vulnerability in Docker Desktop Allows Attackers to Take Control of Windows Hosts
A critical vulnerability has been identified in Docker Desktop for Windows and macOS, allowing an attacker to compromise the host system by running a malicious container, even with Enhanced Container Isolation (ECI) protection enabled. This security issue, classified as a server-side request forgery (SSRF) and designated CVE-2025-9074, has received a critical severity rating of 9.3. According to Docker’s bulletin, a malicious container can access the Docker Engine and launch additional containers without needing the Docker socket to be mounted, potentially leading to unauthorised access to user files on the host system. Notably, ECI does not mitigate this vulnerability. Security researcher Felix Boulet discovered that the Docker Engine API could be accessed without authentication from any running container, demonstrating the exploit with a proof-of-concept that binds the Windows host’s C: drive to the container’s filesystem using simple HTTP POST requests.
Philippe Dugre, a DevSecOps engineer at Pivotal Technologies, confirmed that this vulnerability affects Docker Desktop on Windows and macOS but not on Linux. He noted that the risk is lower on macOS due to built-in operating system safeguards, as mounting a user directory requires user permission. On Windows, however, the Docker Engine operates via WSL2, allowing an attacker to mount the entire filesystem as an administrator, read sensitive files, and potentially overwrite system DLLs to escalate privileges. Despite the relative safety of macOS, Dugre cautioned that attackers could still manipulate the application and containers, posing risks of backdooring or configuration modification. The vulnerability is reportedly easy to exploit, with Dugre’s proof-of-concept consisting of just three lines of Python code. Docker responded promptly to the report, releasing an updated version, 4.44.3, to address the issue.
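A fleet triage check built from the facts above, added here as an example and not taken from Docker or the researchers. It assumes any Docker Desktop build older than the fixed release 4.44.3 is unpatched; the inventory records, host names and field names are constructed.

```python
import re

FIXED = (4, 44, 3)                  # fixed Docker Desktop release named in the article
AFFECTED_OS = {"windows", "macos"}  # Linux is reported as not affected

def parse_version(text):
    """Extract (major, minor, patch) from e.g. '4.43.2' or 'v4.43.2 (build)'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text or "")
    return tuple(int(part) for part in m.groups()) if m else None

def triage(record):
    """Classify one inventory record for CVE-2025-9074 exposure."""
    os_name = record["os"].strip().lower()
    if os_name not in AFFECTED_OS:
        return "not-affected"
    version = parse_version(record.get("docker_desktop"))
    if version is None:
        return "unknown-version"    # treat as unpatched until verified
    # Compare as integer tuples: as strings, "4.9.1" would sort above "4.44.3".
    if version >= FIXED:
        return "patched"
    # Windows first: the article describes full filesystem access there,
    # while macOS asks for permission before a user directory is mounted.
    return "upgrade-urgent" if os_name == "windows" else "upgrade"

def triage_fleet(inventory):
    """Map each host name to its triage status."""
    return {r["host"]: triage(r) for r in inventory}

# Constructed sample inventory (hypothetical hosts, versions and field names).
INVENTORY = [
    {"host": "dev-win-01", "os": "Windows", "docker_desktop": "4.43.2"},
    {"host": "dev-win-02", "os": "Windows", "docker_desktop": "v4.44.3"},
    {"host": "dev-win-03", "os": "Windows", "docker_desktop": ""},
    {"host": "dev-mac-01", "os": "macOS", "docker_desktop": "4.9.1"},
    {"host": "dev-mac-02", "os": "macOS", "docker_desktop": "4.44.10"},
    {"host": "build-lin-01", "os": "Linux", "docker_desktop": "4.40.0"},
]

if __name__ == "__main__":
    for host, status in triage_fleet(INVENTORY).items():
        print(f"{host:14} {status}")
```

Because ECI does not mitigate the issue, the check deliberately ignores whether ECI is enabled and keys only on platform and version.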