Critical Vulnerability in Docker Desktop Enables Host System Compromise

A significant security flaw has been identified in Docker Desktop, potentially allowing attackers to gain unauthorized access to host systems. This vulnerability, designated as CVE-2025-9074 with a CVSS score of 9.3, affects both Windows and macOS versions of the application. It enables malicious containers to interact with the Docker Engine, launch additional containers, and access user files on the host system without the need to mount the Docker socket.

Understanding the Vulnerability

The core issue lies in the ability of any container to access Docker’s internal HTTP API without authentication. This oversight permits attackers to connect to the API using the internal IP address, create and start privileged containers, and subsequently mount the host’s file system. Such actions grant full access to the host, posing a severe security risk.

Potential Exploitation Scenarios

On Windows systems, an attacker could exploit this flaw to mount the host’s file system and overwrite a system DLL, thereby obtaining administrative privileges. This level of access could lead to unauthorized system modifications, data breaches, and further exploitation of the compromised system.

For macOS users, the vulnerability allows attackers to take full control of other containers or to backdoor the Docker application by modifying its configuration. macOS adds a layer of isolation: the user is prompted for permission when a user directory is mounted, and the Docker application neither has default access to the rest of the filesystem nor runs with administrative privileges. This limits the impact, but it does not entirely mitigate the risk posed by the vulnerability.

Mitigation Measures

Docker has addressed this critical flaw in Docker Desktop version 4.44.3. Users are strongly advised to update their installations promptly to protect their systems from potential exploitation. Additionally, it is crucial to ensure that the Docker Engine socket is not exposed to untrusted code or users, since anything that can reach the socket has full control of the Docker Engine.
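As an added illustration of the two mitigations above (this is example code, not Docker's own tooling): a small Python audit that checks a Docker Desktop version string against the fixed release and scans `docker inspect` output for running containers that bind-mount the engine socket. The inspect JSON below is a constructed sample, and the Windows named-pipe path is assumed to appear in inspect output in its usual `\\.\pipe\docker_engine` form.

```python
"""Audit helper for the CVE-2025-9074 mitigations (added example, not Docker's code).

1. is_patched(): is this Docker Desktop version at least the fixed release 4.44.3?
2. socket_mounts(): which containers in `docker inspect` output have the Docker
   Engine socket bind-mounted, i.e. full control of the engine from inside the container?
"""
import json

FIXED_VERSION = (4, 44, 3)  # Docker Desktop release that fixes CVE-2025-9074
# Unix socket (Linux/macOS) and the Windows named pipe (assumed inspect form).
SOCKET_PATHS = {"/var/run/docker.sock", "\\\\.\\pipe\\docker_engine"}


def parse_version(v):
    """'4.44.3' -> (4, 44, 3); tolerates a leading 'v' and a suffix such as '-rc1'."""
    core = v.strip().lstrip("v").split("-")[0]
    return tuple(int(p) for p in core.split("."))


def is_patched(version):
    """True when the version string is at or above the fixed release."""
    return parse_version(version) >= FIXED_VERSION


def socket_mounts(inspect_json):
    """Return [(container_name, host_path)] for every bind mount of the engine socket."""
    findings = []
    for container in json.loads(inspect_json):
        for mount in container.get("Mounts", []):
            if mount.get("Type") == "bind" and mount.get("Source") in SOCKET_PATHS:
                findings.append((container["Name"].lstrip("/"), mount["Source"]))
    return findings


# Constructed sample resembling `docker inspect $(docker ps -q)` output.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/web", "Mounts": [
        {"Type": "volume", "Source": "webdata", "Destination": "/data"}]},
    {"Name": "/ci-runner", "Mounts": [
        {"Type": "bind", "Source": "/var/run/docker.sock",
         "Destination": "/var/run/docker.sock"}]},
])

if __name__ == "__main__":
    # In practice, feed the real `docker inspect` JSON and the Desktop version
    # reported by `docker version` into these two functions.
    for name, path in socket_mounts(SAMPLE_INSPECT):
        print(f"container {name!r} has the engine socket mounted from {path}")
    print("4.44.2 patched:", is_patched("4.44.2"))  # prints False
```

Any container reported by `socket_mounts()` should be treated as trusted as the host itself, regardless of the Desktop version.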

Broader Implications

This vulnerability underscores the importance of securing container environments. Similar issues have been observed in other container technologies. For instance, a critical flaw in Nvidia’s Container Toolkit exposed cloud AI systems to host takeovers, allowing attackers to escape containers and control the underlying host system. Such vulnerabilities highlight the need for robust security measures in containerized environments.

Conclusion

The discovery of CVE-2025-9074 in Docker Desktop serves as a stark reminder of the potential risks associated with container technologies. Users must remain vigilant, apply security patches promptly, and adhere to best practices to safeguard their systems against such vulnerabilities.