CVE-2025-9074

Medienbericht

EPSS 0.01%
Veröffentlicht 20.08.2025 13:28:35
Zuletzt bearbeitet 25.09.2025 17:15:39
Quelle security@docker.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. This vulnerability occurs with or without Enhanced Container Isolation (ECI) enabled, and with or without the "Expose daemon on tcp://localhost:2375 without TLS" option enabled.
This can lead to execution of a wide range of privileged commands to the engine API, including controlling other containers, creating new ones, managing images etc. In some circumstances (e.g. Docker Desktop for Windows with WSL backend) it also allows mounting the host drive with the same privileges as the user running Docker Desktop.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 11

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerDocker

≫

Produkt Docker Desktop

Default Statusunaffected

Version < 4.44.3

Version 4.25

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.011

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@docker.com	9.3	0	0	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-668 Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

https://www.heise.de/news/Docker-Desktop-Kritische-Sicherheitsluecke-erlaubt-Host-Zugriff-10560090.html

Medienbericht

heise Security

https://docs.docker.com/desktop/release-notes/#4443

https://blog.qwertysecurity.com/Articles/blog3.html

https://pvotal.tech/breaking-dockers-isolation-using-docker-cve-2025-9074/

https://www.bleepingcomputer.com/news/security/critical-docker-desktop-flaw-lets-attackers-hijack-windows-hosts/

https://www.vicarius.io/vsociety/posts/cve-2025-9074-detect-docker-desktop-vulnerability

https://www.vicarius.io/vsociety/posts/cve-2025-9074-mitigate-docker-desktop-vulnerability

https://blog.qwertysecurity.com/Articles/blog3

https://nvd.nist.gov/vuln/detail/CVE-2025-9074

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-9074

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-9074

EUVD