SB2025051673 - Multiple vulnerabilities in Docker Desktop

Security Bulletin ID SB2025051673

Severity

Low

Patch available

YES

Number of vulnerabilities 3

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2025-3224)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improperly imposed permissions during software update. A local user can escalate privileges on the system.

2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2025-4095)

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to improperly enforced Registry Access Management (RAM) policies when using a macOS configuration profile. A local user can pull images from unapproved registries.

3) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2025-3911)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to software includes values from environment variables into log files on the host OS. A local user with access to the host OS can gain access to sensitive data.

Remediation

Install update from vendor's website.

References

https://docs.docker.com/security/security-announcements/#docker-desktop-4410-security-update-cve-2025-3224-cve-2025-4095-and-cve-2025-3911