CVE-2025-9074
published 2025-08-20CVE-2025-9074: A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker subnet…
PriorityP357critical9.3CVSS 4.0
AVLACLATNPRNUIPVCHVIHVAHSCHSIHSAHEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EXPLOIT
EPSS
1.59%
72.7th percentile
A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. This vulnerability occurs with or without Enhanced Container Isolation (ECI) enabled, and with or without the "Expose daemon on tcp://localhost:2375 without TLS" option enabled.
This can lead to execution of a wide range of privileged commands to the engine API, including controlling other containers, creating new ones, managing images etc. In some circumstances (e.g. Docker Desktop for Windows with WSL backend) it also allows mounting the host drive with the same privileges as the user running Docker Desktop.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| docker | docker_desktop | >= 4.25 < 4.44.3 | 4.44.3 |
| msrc | cbl_mariner_1.0_arm | — | — |
| msrc | cbl_mariner_1.0_x64 | — | — |
| msrc | cm1_binutils_2.32-4_on_cbl_mariner_1.0 | — | — |
CVSS provenance
nvdv4.09.3CRITICALCVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vendor_msrc5.5MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-4xcq-3fjf-xfqw: A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker
ghsa_unreviewed·2025-08-20
CVE-2025-9074 [CRITICAL] CWE-668 GHSA-4xcq-3fjf-xfqw: A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker
A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. This vulnerability occurs with or without Enhanced Container Isolation (ECI) enabled, and with or without the "Expose daemon on tcp://localhost:2375 without TLS" option enabled.
This can lead to execution of a wide range of privileged commands to the engine API, including controlling other containers, creating new ones, managing images etc. In some circumstances (e.g. Docker Desktop for Windows with WSL backend) it also allows mounting the host drive with the same privileges as the user running Docker Desktop.
Microsoft
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd) as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c when calle
vendor_msrc·2019-02-12·CVSS 5.5
CVE-2019-9074 [MEDIUM] CWE-125 An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd) as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c when calle
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd) as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c when called from pex64_get_runtime_function in pei-x86_64.c.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to add
No detection rules found.
Bleepingcomputer
Critical Docker Desktop flaw lets attackers hijack Windows hosts
blogs_bleepingcomputer·2025-08-25·CVSS 9.3
CVE-2025-9074 [CRITICAL] Critical Docker Desktop flaw lets attackers hijack Windows hosts
## Critical Docker Desktop flaw lets attackers hijack Windows hosts
## Bill Toulas
A critical vulnerability in Docker Desktop for Windows and macOS allows compromising the host by running a malicious container, even if the Enhanced Container Isolation (ECI) protection is active.
The security issue is a server-side request forgery (SSRF) now identified as CVE-2025-9074 , and it received a critical severity rating of 9.3.
“A malicious container running on Docker Desktop could access the Docker Engine and launch additional containers without requiring the Docker socket to be mounted,” reads Docker’s bulletin .
“This could allow unauthorized access to user files on the host system. Enhanced Container Isolation (ECI) does not mitigate this vulnerability.”
Security researcher and bug bount
Greynoiseio
NoiseLetter October 2025
blogs_greynoiseio
NoiseLetter October 2025
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Find out immediately if an asset communicates with a malicious IP address
Vulnerability Prioritization Get real-time insight into active exploitation trends to better understand risk and severity
SOC Efficiency Filter out noisy, low priority and false-positive alerts from mass internet scanners
Incident Investigation Add context to incidents to speed the determinations of scope and timelines
Threat Hunting Quickly identify anomalous behavior and enrich your threat hunting campaigns
Why GreyNoise
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Fin
https://docs.docker.com/desktop/release-notes/#4443https://blog.qwertysecurity.com/Articles/blog3.htmlhttps://pvotal.tech/breaking-dockers-isolation-using-docker-cve-2025-9074/https://www.bleepingcomputer.com/news/security/critical-docker-desktop-flaw-lets-attackers-hijack-windows-hosts/https://www.vicarius.io/vsociety/posts/cve-2025-9074-detect-docker-desktop-vulnerabilityhttps://www.vicarius.io/vsociety/posts/cve-2025-9074-mitigate-docker-desktop-vulnerabilityhttps://blog.qwertysecurity.com/Articles/blog3https://pvotal.tech/breaking-dockers-isolation-using-docker-cve-2025-9074/
2025-08-20
Published