Docker Command Line Interface vulnerabilities

CVE-2025-15558 [HIGH] CWE-427 CVE-2025-15558: Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a director Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries (docker-compose.exe, docker-buildx.exe, etc.) that are executed when a victim user opens Docker Desktop or invokes Docker CLI p

CVE-2021-41092 [HIGH] CWE-200 CVE-2021-41092: Docker CLI is the command line interface for the docker container runtime. A bug was found in the Do Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials