A severe security vulnerability identified as CVE-2025-9074 has been discovered in Docker Desktop, exposing users to critical risks where malicious containers can gain unauthorized access to the host system. This flaw impacts how Linux containers interact with the Docker Engine, potentially allowing attackers to control the host’s file system and execute privileged commands without proper protection in place.
Docker, a widely used platform for containerized application deployment, released an advisory acknowledging a critical flaw in Docker Desktop. The vulnerability enables malicious containers running locally to bypass restrictions and directly access the Docker Engine API through a pre-configured subnet (default address: 192.168.65.7:2375). This access does not require the Docker socket to be mounted, a detail that makes the flaw particularly dangerous.
Overview of the CVE-2025-9074 Vulnerability
According to the official release notes, malicious containers exploiting CVE-2025-9074 can launch additional containers and manipulate the Docker environment with elevated privileges. This includes the ability to control other containers, manage Docker images, and, in Windows environments using the Windows Subsystem for Linux (WSL) backend, mount the host drive with the permissions of the user running Docker Desktop. Notably, the vulnerability renders existing protective features like Enhanced Container Isolation (ECI) ineffective against this attack vector.
Technical Details and Impact
The vulnerability affects Docker Desktop versions running Linux containers locally and is indifferent to how security options are configured. Even with the “Expose daemon on tcp://localhost:2375 without TLS” setting disabled, the flaw remains exploitable.
A key point emphasized in the vulnerability report is that attackers can send privileged commands to the Docker Engine API by accessing the subnet interface. In environments like Docker Desktop for Windows using the WSL backend, this translates to attackers potentially mounting host drives and accessing sensitive user files with user-level permissions, escalating the severity of the breach.
Response and Mitigation
Docker promptly responded by releasing updated versions of Docker Desktop, starting with version 4.44.3, issued on August 20, 2025. The update specifically addresses CVE-2025-9074 by patching the vulnerability to prevent unauthorized container access to the Docker Engine.
The release notes for Docker Desktop 4.44.3 state:
“Fixed CVE-2025-9074, where a malicious container running on Docker Desktop could access the Docker Engine and launch additional containers without requiring the Docker socket to be mounted. This could allow unauthorized access to user files on the host system. Enhanced Container Isolation (ECI) does not mitigate this vulnerability.”
Users are strongly urged to upgrade to the latest Docker Desktop versions immediately. Docker Desktop versions older than six months from the latest release are no longer supported or available for download.
Recent Docker Desktop Updates
This vulnerability comes amid a series of ongoing updates and improvements in Docker Desktop’s ecosystem. Earlier versions like 4.44.2 and 4.44.1 focused on bug fixes and feature enhancements, such as integrating Docker Offload Beta and improving startup stability, especially for WSL 2 users.
Version 4.44.0, released in early August 2025, introduced major stability improvements for WSL 2 and added advanced features for running multiple models within Docker Model Runner. It also upgraded core components like Docker Engine to version 28.3.2 and Docker Compose to version 2.39.1.
Notably, the Docker team had previously addressed another critical security issue, CVE-2025-23266, related to the NVIDIA Container Toolkit, by updating the toolkit bundled with Docker Desktop to version 1.17.8.
The latest Docker Desktop update fixes the critical CVE-2025-9074 vulnerability along with several bugs affecting permissions, Kubernetes, installer stability, and performance. Users, especially those running Linux containers, should update immediately to version 4.44.3 or later, regularly check their versions, and monitor for suspicious activity.
This highlights the importance of timely patching and security vigilance, as even strong isolation can’t replace regular updates. Docker’s quick response shows its commitment to security, but users must stay proactive to keep their environments safe.
