CVE-2025-15558 — Uncontrolled Search Path Element in Docker CLI

CWE-427 — Uncontrolled Search Path Element8 documents5 sources

Severity

7.0HIGHNVD

EPSS

0.0%

top 93.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Github.com Docker CLI Github.com Docker Compose V5 Docker Command Line Interface +1 more

Timeline

PublishedMar 4

Latest updateMar 10

Description

Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries (docker-compose.exe, docker-buildx.exe, etc.) that are executed when a victim user opens Docker Desktop or invokes Docker CLI plugin features, and allow privilege-escalation if the docker CLI is executed as a privileged user. This issue affects Docker CLI: through 29.1.5 a…

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages4 packages

▶Gogithub.com/docker_compose_v5< 5.1.0

▶Gogithub.com/docker_compose_v2

▶Gogithub.com/docker_cli19.03.0 — 29.2.0+1

▶NVDdocker/command_line_interface29.1.5

Patches

Patch: github.com ↗

🔴Vulnerability Details

OSV

Docker CLI Plugins: Uncontrolled Search Path Element Leads to Local Privilege Escalation on Windows in github.com/docker/cli↗2026-03-10

▶

OSV

Docker CLI Plugins: Uncontrolled Search Path Element Leads to Local Privilege Escalation on Windows↗2026-03-05

▶

GHSA

Docker CLI Plugins: Uncontrolled Search Path Element Leads to Local Privilege Escalation on Windows↗2026-03-05

▶

📋Vendor Advisories

Red Hat

docker/cli: Docker CLI for Windows: Privilege escalation via malicious plugin binaries↗2026-03-04

▶

🕵️Threat Intelligence

Wiz

CVE-2025-66580 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2025-15558 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2026-23523 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶