Main Vulnerability Database Vulnerabilities #VU114330

#VU114330 Permissions, Privileges, and Access Controls in Docker Desktop - CVE-2025-9074

Published: August 21, 2025 / Updated: January 9, 2026

Vulnerability identifier: #VU114330

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:P/U:Green

CVE-ID: CVE-2025-9074

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
Docker Desktop

Software vendor:
Docker Inc.

Description

The vulnerability allows a malicious container to execute arbitrary code on the system.

The vulnerability exists due to improperly imposed security restrictions. A malicious container can access the Docker Engine and launch additional containers without requiring the Docker socket to be mounted, leading to unauthorized access to files on the host system.

Remediation

Install updates from vendor's website.

External links

https://docs.docker.com/security/security-announcements/#docker-desktop-4443-security-update-cve-2025-9074

#VU114330 Permissions, Privileges, and Access Controls in Docker Desktop - CVE-2025-9074

Description

Remediation

External links

Please verify you're human