
Critical Windows Docker Desktop Vulnerability Exposes Full Host System to Compromise

A newly disclosed vulnerability in Docker Desktop for Windows has raised significant security concerns, revealing how a simple Server-Side Request Forgery (SSRF) attack could lead to complete host system compromise. Identified as CVE-2025-9074, this vulnerability affects all Docker Desktop versions prior to 4.44.3 and was reported by Felix Boulet on August 21, 2025. The flaw demonstrates a critical breakdown in container isolation, as it allows Docker Desktop containers to access an unauthenticated internal HTTP API endpoint at http://192.168.65.7:2375/. This exposure enables any container within the Docker environment to execute privileged operations against the host system, highlighting severe gaps in Docker’s internal security architecture. Philippe Dugre from Pivotal Technologies independently discovered a similar issue on macOS platforms, underscoring the cross-platform nature of this security flaw.

The exploitation process for this vulnerability is alarmingly straightforward, requiring only two HTTP POST requests executed from within any container environment. The first request targets the `/containers/create` endpoint, using a JSON payload to configure a new privileged container with host filesystem access. This configuration mounts the Windows C: drive to a container path, granting unrestricted access to the entire host filesystem. The second request starts the container through the `/containers/{id}/start` endpoint, effectively bypassing all Docker security controls and granting attackers the same level of access as local administrator accounts. This vulnerability can be exploited through SSRF attacks, meaning attackers do not need direct code execution within containers; they only require the ability to trigger HTTP requests from compromised web applications or services running in containerised environments. Updating Docker Desktop to version 4.44.3 or later is strongly advised to mitigate this risk.
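The two-request sequence described above leaves a recognisable trace in container egress or proxy logs. The following is an added example, not code from the original article or from Docker: it classifies each source container by whether it merely reached the Engine API address or completed a successful create followed by a start. The log format, container names and severity labels are assumptions, and the sample log is constructed.

```python
import re
from urllib.parse import urlsplit

# Endpoint named in the article; everything about the log format is assumed.
ENGINE_API = ("192.168.65.7", 2375)
# The Engine API accepts an optional version prefix such as /v1.43.
CREATE = re.compile(r"^(/v\d+\.\d+)?/containers/create$")
START = re.compile(r"^(/v\d+\.\d+)?/containers/[^/]+/start$")

# Constructed sample: "<time> <source container> <method> <url> <status>"
SAMPLE_LOG = """\
2025-08-22T10:00:01Z web-frontend GET http://api.internal.example/health 200
2025-08-22T10:00:05Z web-frontend GET http://192.168.65.7:2375/version 200
2025-08-22T10:00:09Z web-frontend POST http://192.168.65.7:2375/containers/create 201
2025-08-22T10:00:10Z web-frontend POST http://192.168.65.7:2375/v1.43/containers/3f2a9c/start 204
2025-08-22T10:01:00Z batch-worker POST http://192.168.65.7:2375/containers/create 403
malformed line
2025-08-22T10:02:00Z reports GET http://192.168.65.70:2375/version 200
"""

def classify(log_text):
    """Return {source: severity}. 'probe' means a request targeted the Engine
    API address; 'create-start' means a successful create was followed by a
    successful start from the same source."""
    findings, created = {}, set()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip lines that do not match the assumed format
        _, source, method, url, status = parts
        target = urlsplit(url)
        try:
            port = target.port or 80
        except ValueError:
            continue  # unparseable port
        if (target.hostname, port) != ENGINE_API:
            continue  # exact host match, so 192.168.65.70 is not flagged
        findings.setdefault(source, "probe")
        ok = method == "POST" and status.startswith("2")
        if ok and CREATE.match(target.path):
            created.add(source)
        elif ok and START.match(target.path) and source in created:
            findings[source] = "create-start"
    return findings

if __name__ == "__main__":
    for source, severity in classify(SAMPLE_LOG).items():
        print(f"{source}: {severity}")
```

Any `probe` result is already worth investigating, since ordinary workloads have no reason to contact that address.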

Categories: Vulnerability Type, Exploitation Method, Affected Software 

Tags: Docker, Vulnerability, SSRF, Host Compromise, API Access, Container Isolation, Privileged Container, Security Flaw, Exploitation, Windows 
