Docker Desktop Vulnerability CVE-2025-9074 Rated 9.3 CVSS: Update Immediately


Docker has released an urgent security update to fix a critical vulnerability in Docker Desktop for Windows and macOS. The flaw, tracked as CVE-2025-9074, carries a CVSS score of 9.3, placing it in the “critical” risk category. If exploited, the bug could let attackers break out of a container environment and gain access to files on the host system.

The issue has been patched in Docker Desktop version 4.44.3, and users are strongly advised to update immediately.

CVE-2025-9074 is a container escape vulnerability that allows a malicious container to communicate with the Docker Engine without requiring the Docker socket to be mounted. In simple terms, a hacker running a compromised container could control the Docker Engine, launch new containers, and access sensitive files from the host machine.

Docker warned in its security advisory that:

“A malicious container running on Docker Desktop could access the Docker Engine and launch additional containers without requiring the Docker socket to be mounted. This could allow unauthorized access to user files on the host system.”

This flaw is not mitigated by Enhanced Container Isolation (ECI), meaning even advanced protection settings would not have stopped the attack.

Security researcher Felix Boulet, who discovered the flaw, explained that containers could connect to the Docker Engine API at 192.168.65.7:2375 without any authentication. This meant any container, even a restricted one, could escalate its access.

Boulet published a proof-of-concept (PoC) showing how attackers could:

  1. Send a POST request with a JSON payload to create a new container.

    • In this step, attackers could bind the host’s C:\ drive to a folder inside the container (/mnt/host/c:/host_root).

    • Once mounted, the attacker could read or write anything under /host_root.

  2. Send another POST request to start the container.

    • This action would allow immediate execution of malicious commands, giving attackers direct access to host files.

Boulet summed it up by saying:

“At its core, this vulnerability was a simple oversight. Docker’s internal HTTP API was reachable from any container without authentication or access controls.”

Further analysis by Philippe Dugre (zer0x64) of PVOTAL Technologies revealed significant differences in how this vulnerability impacts Windows and macOS systems:

  • On Windows:

    • Attackers could mount the entire file system as an administrator.

    • They could read sensitive files, replace system DLLs, and escalate to full administrator privileges.

    • This makes Windows users especially vulnerable.

  • On macOS:

    • Docker Desktop has an additional isolation layer.

    • When trying to mount a user directory, macOS prompts the user for permission.

    • By default, Docker does not run with administrative privileges, so attackers cannot immediately gain root access.

    • However, attackers can still control Docker containers and even backdoor the Docker application by modifying its configuration.

Dugre explained:

“The host is much safer on macOS than on Windows. However, the attacker still has full control of Docker containers and can modify its application without user approval.”


Linux systems are not impacted by CVE-2025-9074. Unlike Docker Desktop on Windows and macOS, Linux uses a named pipe on the host’s file system instead of a TCP socket for communication. This design choice prevents attackers from reaching the Docker Engine API in the same way.

The most likely attack vector is a malicious container uploaded and run by the victim. Once executed, the container can escape its isolation and target the host.

Another possible vector is Server-Side Request Forgery (SSRF). According to researchers, attackers could proxy their requests through a vulnerable application to reach the Docker API. Depending on the HTTP methods allowed, they could even send POST, PATCH, or DELETE requests to escalate the attack further.

CVE-2025-9074 highlights the critical risks of container escape vulnerabilities. Containers are supposed to act as isolated environments, but this flaw showed that a single mistake in API access controls can compromise the entire host machine.

With a CVSS score of 9.3, this vulnerability ranks among the most severe issues found in container security in recent years. It exposes developers, enterprises, and cloud environments that rely on Docker for application deployment.

To protect against CVE-2025-9074, Docker users should:

  • Update to Docker Desktop version 4.44.3 or later.

  • Avoid running untrusted containers, especially from unknown sources.

  • Regularly review Docker security best practices, including restricting API access and using minimal privileges.

  • Monitor system logs for suspicious Docker Engine activity.
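As an added defensive check that is not part of Docker's advisory or the researchers' PoC, the following Python audits `docker inspect` output (run as `docker inspect $(docker ps -q)`) for the pattern the PoC depends on, a host drive or filesystem root bound into a container, along with engine-socket binds and privileged containers, and compares a Docker Desktop version string against the patched 4.44.3 release. The inspect data below is a constructed sample, not real output.

```python
import json
import re

# Constructed sample in the shape of `docker inspect` JSON: one container binds the
# Windows C: drive to /host_root as in the PoC, one is benign, one mounts the socket.
SAMPLE_INSPECT = json.dumps([
    {"Id": "abc123", "Name": "/suspicious",
     "HostConfig": {"Binds": ["C:\\:/host_root", "myvol:/data"], "Privileged": False}},
    {"Id": "def456", "Name": "/web",
     "HostConfig": {"Binds": ["/home/user/app:/app:ro"], "Privileged": False}},
    {"Id": "ghi789", "Name": "/ci",
     "HostConfig": {"Binds": ["/var/run/docker.sock:/var/run/docker.sock"],
                    "Privileged": True}},
])

# Host sources that hand a container the whole host: a drive root on Windows
# (C:\ or C:/) or the filesystem root on macOS/Linux.
HOST_ROOT_RE = re.compile(r"^(?:[A-Za-z]:[\\/]?|/)$")
# Engine endpoints whose bind mount gives full control of the Engine (assumed paths).
ENGINE_SOCKETS = {"/var/run/docker.sock", "//./pipe/docker_engine"}
PATCHED = (4, 44, 3)  # first fixed Docker Desktop release per the advisory


def host_source(bind):
    """Return the host side of a bind spec 'src:dst[:opts]'; 'C:\\' sources keep their colon."""
    m = re.match(r"^([A-Za-z]:[^:]*|[^:]+)(?::.*)?$", bind)
    return m.group(1) if m else bind


def audit(inspect_json):
    """Flag containers with host-root binds, engine-socket binds or privileged mode."""
    findings = []
    for c in json.loads(inspect_json):
        hc = c.get("HostConfig", {})
        for bind in hc.get("Binds") or []:
            src = host_source(bind)
            if HOST_ROOT_RE.match(src):
                findings.append((c["Name"], "host root bind", bind))
            elif src in ENGINE_SOCKETS:
                findings.append((c["Name"], "engine socket bind", bind))
        if hc.get("Privileged"):
            findings.append((c["Name"], "privileged", ""))
    return findings


def is_patched(version):
    """True when a Docker Desktop version string is 4.44.3 or later."""
    parts = tuple(int(p) for p in version.split(".")[:3])
    return parts + (0,) * (3 - len(parts)) >= PATCHED
```

On a real host, pipe `docker inspect` output into `audit` and treat any "host root bind" finding as an incident to investigate, not merely a warning.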

Docker’s quick action to patch CVE-2025-9074 shows the importance of fast response in container security. For Windows users, the risk was especially high, with attackers able to gain full control of the host system. While macOS users are safer, the flaw still posed serious risks.

This vulnerability is a wake-up call for organizations and developers who rely on Docker: container isolation is powerful but not foolproof. Keeping Docker updated and practicing strong security hygiene remain the best defenses.
