Critical Docker Desktop Flaw Exposes Windows Hosts to Hijacking

▼ Summary
– A critical SSRF vulnerability (CVE-2025-9074) in Docker Desktop allows malicious containers to compromise the host system even with Enhanced Container Isolation active.
– The flaw enables unauthorized access to the Docker Engine API without authentication, permitting attackers to launch additional containers and access host files.
– Windows systems are more severely affected, as attackers can mount the entire filesystem and escalate to administrator privileges.
– macOS offers better protection through built-in safeguards that require user permission for directory access, though risks of configuration tampering remain.
– Docker has patched the vulnerability in version 4.44.3 after responsible disclosure, though exploitation was demonstrated with minimal code.
A critical security flaw has been identified in Docker Desktop for Windows and macOS, enabling attackers to compromise the host system by executing a malicious container, even when Enhanced Container Isolation (ECI) is enabled. This vulnerability, tracked as CVE-2025-9074, carries a severity score of 9.3 and allows unauthorized access to host files and services.
According to Docker’s security advisory, a malicious container could interact with the Docker Engine to launch further containers without needing the Docker socket to be mounted. This bypasses existing protections and exposes user files on the host. ECI, a feature designed to add an extra layer of security, does not prevent exploitation of this flaw.
Security researcher Felix Boulet discovered that the Docker Engine API remained reachable without authentication from within any container via the internal address `http://192.168.65.7:2375/`. Boulet demonstrated that an attacker could use simple HTTP POST requests to that API to create a new container with the host’s C: drive mounted, granting full filesystem access. Notably, because the API is reached over plain HTTP, the technique does not require code execution inside the initial container: a server-side request forgery (SSRF) in any application running in a container is enough to issue the requests, which is why the flaw is classified as SSRF.
Philippe Dugre, a DevSecOps engineer, confirmed the vulnerability affects both the Windows and macOS versions of Docker Desktop but not Linux. He emphasized that the impact is more severe on Windows. Because Docker Desktop on Windows runs its engine through WSL2 with administrative privileges, an attacker can mount the entire host filesystem with those privileges, read sensitive data, and overwrite system files to escalate to administrator.
On macOS, the situation is less dire due to built-in operating system safeguards. Mounting user directories requires explicit user permission, and Docker does not run with administrative rights by default. However, Dugre cautioned that an attacker still retains significant control over the application and containers, opening the door to backdoor installation or configuration tampering without triggering permission prompts.
Exploiting this vulnerability is straightforward. Dugre illustrated that a successful attack can be executed with just three lines of Python code, highlighting how easily a threat actor could leverage the flaw.
Docker responded promptly to the responsible disclosure and has released a patched version, Docker Desktop 4.44.3, which addresses the issue. Users are strongly urged to update their software immediately to protect their systems from potential hijacking.
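As an added example for the two points above (the unauthenticated API endpoint and the fixed version), and not code from the article, Docker, or the researchers, the following Python helper lets a practitioner triage exposure without running the attack: it probes whether the Docker Engine API answers on the documented internal address, decides whether a reported Docker Desktop version predates the 4.44.3 fix, and flags container-create requests whose bind mounts expose an entire host drive or root filesystem (the pattern the article describes). The use of the Engine API’s `/_ping` endpoint as a probe, the regular expressions, and the constructed sample request body are this example’s assumptions, not details from the page.

```python
"""Triage helpers for the CVE-2025-9074 exposure described above (added example)."""
import re
import urllib.error
import urllib.request

# Docker Desktop release that fixes the issue, per the advisory quoted in the article.
PATCHED_VERSION = (4, 44, 3)

# Internal address at which the Engine API was reachable from containers (from the article).
DEFAULT_ENGINE_URL = "http://192.168.65.7:2375"


def parse_version(version: str) -> tuple:
    """Turn '4.44.2' or '4.40' into a comparable (major, minor, patch) tuple."""
    nums = []
    for part in version.strip().split(".")[:3]:
        digits = re.match(r"\d+", part)
        nums.append(int(digits.group()) if digits else 0)
    while len(nums) < 3:
        nums.append(0)
    return tuple(nums)


def is_vulnerable_version(version: str) -> bool:
    """True when the Docker Desktop version predates the 4.44.3 fix."""
    return parse_version(version) < PATCHED_VERSION


def probe_engine_api(base_url: str = DEFAULT_ENGINE_URL, timeout: float = 2.0) -> dict:
    """Check (from inside a container) whether the Engine API answers unauthenticated.

    Uses GET /_ping, which a healthy Docker Engine answers with 'OK'. This only
    tests reachability; it creates nothing and is not the exploit. Assumption:
    the API is plain HTTP at base_url, as the article describes.
    """
    url = base_url.rstrip("/") + "/_ping"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read(64).decode("utf-8", "replace").strip()
            return {"reachable": True, "status": resp.status, "body": body}
    except urllib.error.HTTPError as exc:
        # Any HTTP answer at all means the API is exposed to this container.
        return {"reachable": True, "status": exc.code, "body": ""}
    except (urllib.error.URLError, OSError) as exc:
        return {"reachable": False, "status": None, "body": str(exc)}


# Bind strings are "host_path:container_path[:opts]". These patterns (assumptions of
# this example) match a host side that is a whole Windows drive ("C:\:", "C:/:", "C::")
# or a whole Unix root ("/:"), i.e. the full-filesystem mounts the article warns about.
_DRIVE_ROOT_BIND = re.compile(r"^[A-Za-z]:[\\/]*:")
_UNIX_ROOT_BIND = re.compile(r"^/+:")
_DRIVE_ROOT_SRC = re.compile(r"^[A-Za-z]:[\\/]*$")


def suspicious_host_mounts(create_body: dict) -> list:
    """Return host paths in a container-create body that expose an entire host filesystem."""
    host_cfg = create_body.get("HostConfig") or {}
    flagged = []
    for bind in host_cfg.get("Binds") or []:
        if _DRIVE_ROOT_BIND.match(bind) or _UNIX_ROOT_BIND.match(bind):
            flagged.append(bind)
    for mount in host_cfg.get("Mounts") or []:
        if mount.get("Type") != "bind":
            continue
        src = mount.get("Source", "")
        if _DRIVE_ROOT_SRC.match(src) or (src and src.strip("/") == ""):
            flagged.append(src)
    return flagged


# Constructed sample: the shape of a create request that mounts the whole C: drive.
SAMPLE_CREATE_BODY = {
    "Image": "alpine",
    "Cmd": ["sh"],
    "HostConfig": {"Binds": ["C:\\:/host", "myvol:/data"]},
}


if __name__ == "__main__":
    print("4.44.2 vulnerable:", is_vulnerable_version("4.44.2"))
    print("4.44.3 vulnerable:", is_vulnerable_version("4.44.3"))
    print("flagged mounts:", suspicious_host_mounts(SAMPLE_CREATE_BODY))
    print("engine API probe:", probe_engine_api())
```

Run the script inside a container on a Docker Desktop host: a `reachable: True` probe result means the Engine API is exposed to that container and the host should be treated as affected until it is confirmed to be on 4.44.3 or later. The mount check is meant for anyone fronting the Engine API with a proxy or reviewing API logs; it flags only whole-drive and root mounts, so narrower binds such as `C:\Users\me:/src` pass.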
(Source: Bleeping Computer)