A recently identified security flaw in Docker Desktop for Windows, designated as CVE-2025-9074, has exposed a critical vulnerability that allows malicious containers to gain unauthorized access to the host system. This vulnerability, discovered by security researcher Felix Boulet and reported on August 21, 2025, affects all Docker Desktop versions prior to 4.44.3. It underscores a significant breakdown in container isolation, enabling attackers to execute privileged operations on the host machine through unauthenticated API access.
Key Points:
1. Unauthenticated API Access: Containers running within Docker Desktop can exploit an exposed internal HTTP API endpoint to perform unauthorized actions on the host system.
2. Simple Exploitation Process: By issuing two specific HTTP requests, an attacker can create a privileged container with full access to the host’s filesystem.
3. Immediate Mitigation Required: Users are strongly advised to update Docker Desktop to version 4.44.3 or later to remediate this vulnerability.
Discovery and Technical Details:
The vulnerability was uncovered during routine network scanning, revealing that Docker Desktop exposes its internal HTTP API endpoint at `http://192.168.65.7:2375/` without any authentication mechanisms. This exposure allows any container within the Docker environment to access the API and execute commands with elevated privileges on the host system. Such a configuration fundamentally undermines the container isolation model, which is designed to keep workloads separate from the host environment.
The simplicity of the attack is particularly alarming. Exploiting this vulnerability requires only basic HTTP request capabilities, eliminating the need for complex exploit chains or memory corruption techniques. This lowers the barrier for potential attackers, increasing the risk of exploitation.
Exploitation Process:
The process to exploit this vulnerability involves two straightforward HTTP POST requests executed from within any container:
1. Create a Privileged Container: The attacker sends a request to the `/containers/create` endpoint with a JSON payload that configures a new privileged container. This configuration includes mounting the host’s C: drive (`/mnt/host/c`) to a container path (`/host_root`), granting unrestricted access to the host’s filesystem. The payload also specifies commands that execute automatically upon container startup, facilitating immediate post-exploitation activities.
2. Start the Malicious Container: A subsequent request to the `/containers/{id}/start` endpoint initiates the execution of the malicious container with elevated privileges.
This two-step process effectively bypasses all Docker security controls, granting attackers access equivalent to that of local administrator accounts.
Risk Assessment:
– Affected Products: Docker Desktop for Windows versions prior to 4.44.3.
– Impact: Complete compromise of the host system, allowing unauthorized access to user files and the execution of arbitrary commands.
– Exploit Prerequisites:
– Access to any container environment.
– Ability to make HTTP requests.
– Network connectivity to `192.168.65.7:2375`.
– CVSS 3.1 Score: Not specified.
Proof of Concept:
A proof of concept demonstrates the ease of exploiting this vulnerability using standard `wget` commands from an Alpine Linux container. The exploit involves creating a privileged container that mounts the host’s C: drive and executes arbitrary commands, effectively compromising the host system.
Response and Mitigation:
In response to the disclosure, Docker promptly released version 4.44.3, which addresses this critical vulnerability. The update implements proper authentication controls for internal API endpoints and enhances network segmentation between container workloads and Docker’s control plane.
Security experts strongly recommend that all users update to the patched version immediately, as no viable workarounds exist for affected systems.
Conclusion:
The discovery of CVE-2025-9074 highlights a significant security lapse in Docker Desktop for Windows, emphasizing the importance of robust container isolation and secure API configurations. Users must remain vigilant and ensure their software is up to date to protect against such vulnerabilities.
