Permissions, Privileges, and Access Controls in Docker Desktop - CVE-2025-9074

 


Published: August 21, 2025 / Updated: January 9, 2026


Vulnerability identifier: #VU114330
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:P/U:Green
CVE-ID: CVE-2025-9074
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability: Public exploit is available
Vendor: Docker Inc.
Affected software: Docker Desktop

Detailed vulnerability description

The vulnerability allows a malicious container to execute arbitrary code on the system.

The vulnerability exists because security restrictions are improperly enforced. A malicious container can access the Docker Engine and launch additional containers even when the Docker socket is not mounted into it, leading to unauthorized access to files on the host system.


How to mitigate CVE-2025-9074

Install updates from the vendor's website.
