- Researchers find a 9.3/10 flaw in Docker Desktop for Windows and macOS
- The bug gives threat actors the opportunity to compromise underlying hosts and manipulate data
- A fix was quickly released, so users should patch now
Docker has patched a critical-severity vulnerability in its Desktop app for Windows and macOS, which could have enabled threat actors to take over vulnerable hosts, exfiltrate sensitive data, and more.
The vulnerability is described as a server-side request forgery (SSRF) and, according to NVD, it “allows local running Linux containers to access the Docker Engine API via the configured Docker subnet.”
“A malicious container running on Docker Desktop could access the Docker Engine and launch additional containers without requiring the Docker socket to be mounted,” Docker said in a follow-up security advisory. “This can provide unauthorized access to user files on the host system. Enhanced Container Isolation (ECI) does not mitigate this vulnerability.”
Not all systems are affected in the same way
The flaw was discovered and reported by security researcher Felix Boulet. It is now tracked as CVE-2025-9074 and received a severity score of 9.3/10 (critical).
However, a separate researcher, Philippe Dugre, emphasized that the risk is not the same on all platforms, noting that it is actually somewhat greater on Windows, compared to macOS.
This is due to the protective measures built into the macOS operating system. Dugre managed to create a file in the user’s home directory on Windows but not on macOS:
“On Windows, as the Docker Engine runs via WSL2, the attacker can mount the entire file system as administrator, read any sensitive file and ultimately overwrite a system DLL to escalate the attacker to administrator of the host system,” Dugre explained.
“On macOS, however, the Docker Desktop application still has a layer of isolation, and attempts to mount a user directory prompt the user for permission. By default, the Docker application does not have access to the rest of the file system and does not run with administrative privileges, so the host is much more secure than in the Windows case,” he added.
Docker fixed the issue in Docker Desktop version 4.44.3, so users are advised to upgrade as soon as possible.
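Upgrading does not show whether extra containers with host file access were launched before the patch. The following is an added example (not from the article, Docker, or the researchers) that reviews `docker inspect` JSON for privileged containers and broad host bind mounts; the sample records, the `expected_names` allowlist, and the path-depth heuristic are assumptions to tune for how host paths appear on your platform.

```python
import json
from pathlib import PurePosixPath

# Constructed sample shaped like the JSON array printed by `docker inspect`.
SAMPLE_INSPECT = json.loads("""[
 {"Name": "/web", "Created": "2025-08-01T09:00:00Z", "Config": {"Image": "nginx:1.27"},
  "HostConfig": {"Privileged": false},
  "Mounts": [{"Type": "volume", "Source": "/var/lib/docker/volumes/web/_data",
              "Destination": "/usr/share/nginx/html", "RW": true}]},
 {"Name": "/build", "Created": "2025-08-02T10:00:00Z", "Config": {"Image": "golang:1.22"},
  "HostConfig": {"Privileged": false},
  "Mounts": [{"Type": "bind", "Source": "/home/dev/project/src",
              "Destination": "/src", "RW": false}]},
 {"Name": "/backup", "Created": "2025-08-03T02:00:00Z", "Config": {"Image": "alpine:3.20"},
  "HostConfig": {"Privileged": false},
  "Mounts": [{"Type": "bind", "Source": "/home/dev", "Destination": "/data", "RW": true}]},
 {"Name": "/unplanned", "Created": "2025-08-20T23:41:00Z", "Config": {"Image": "alpine:3.20"},
  "HostConfig": {"Privileged": true},
  "Mounts": [{"Type": "bind", "Source": "/", "Destination": "/host", "RW": true}]}
]""")

MAX_BROAD_DEPTH = 2  # assumption: a source with <= 2 path components is "broad"

def is_broad(source, max_depth=MAX_BROAD_DEPTH):
    """True for host paths such as / or /home/<user> that expose many files."""
    parts = [p for p in PurePosixPath(source).parts if p != "/"]
    return len(parts) <= max_depth

def audit(containers, expected_names=frozenset()):
    """Return containers that are privileged or bind-mount a broad host path,
    skipping names the operator has listed as expected."""
    findings = []
    for c in containers:
        name = c.get("Name", "").lstrip("/")
        reasons = []
        if c.get("HostConfig", {}).get("Privileged"):
            reasons.append("privileged")
        for m in c.get("Mounts", []):
            src = m.get("Source") or ""
            if m.get("Type") == "bind" and src and is_broad(src):
                mode = "rw" if m.get("RW") else "ro"
                reasons.append(f"broad bind mount {src} ({mode})")
        if reasons and name not in expected_names:
            findings.append({"name": name, "created": c.get("Created"),
                             "image": c.get("Config", {}).get("Image"),
                             "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_INSPECT, expected_names={"backup"}):
        print(f["created"], f["name"], f["image"], "; ".join(f["reasons"]))
```

On a real host, feed it the output of `docker inspect` for all containers in place of `SAMPLE_INSPECT` and compare the `created` timestamps of any findings against the date the host was upgraded.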
Via BleepingComputer



