CVE-2025-9074
Docker Desktop allows unauthenticated access to Docker Engine API from containers
Description
A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. This vulnerability occurs with or without Enhanced Container Isolation (ECI) enabled, and with or without the "Expose daemon on tcp://localhost:2375 without TLS" option enabled. This can lead to execution of a wide range of privileged commands to the engine API, including controlling other containers, creating new ones, managing images etc. In some circumstances (e.g. Docker Desktop for Windows with WSL backend) it also allows mounting the host drive with the same privileges as the user running Docker Desktop.
INFO
Published Date :
Aug. 20, 2025, 2:15 p.m.
Last Modified :
Aug. 22, 2025, 2:15 p.m.
Remotely Exploit :
No
Source :
[email protected]
CVSS Scores
Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
---|---|---|---|---|---|---|
CVSS 4.0 | CRITICAL | [email protected] |
Solution
- Update Docker Desktop to the latest version.
- Review and restrict container access to the Docker Engine API.
- Disable the "Expose daemon on tcp://localhost:2375 without TLS" option.
- Configure network isolation for containers.
Public PoC/Exploit Available at Github
CVE-2025-9074 has a 7 public
PoC/Exploit
available at Github.
Go to the Public Exploits
tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2025-9074
.
URL | Resource |
---|---|
https://docs.docker.com/desktop/release-notes/#4443 | |
https://blog.qwertysecurity.com/Articles/blog3.html | |
https://pvotal.tech/breaking-dockers-isolation-using-docker-cve-2025-9074/ |
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2025-9074
is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2025-9074
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
New vulnerability found in Docker. Credit for finding the vulnerability goes to Felix Boulet
Python
A collection of things I learned today. 今日学んだことの記録。
None
Python
News about technology and digital stuff
None
Batchfile Rust Dockerfile Shell Python
OSCP Cheat Sheet
oscp oscp-guide cheat-sheet cheatsheet offensive offensive-security offsec penetration-testing pentesting security oscp-plus
Python Shell C PHP PowerShell ASP.NET
📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
security cve exploit poc vulnerability
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2025-9074
vulnerability anywhere in the article.

-
The Hacker News
CISA Orders Immediate Patch of Critical Sitecore Vulnerability Under Active Exploitation
Federal Civilian Executive Branch (FCEB) agencies are being advised to update their Sitecore instances by September 25, 2025, following the discovery of a security flaw that has come under active expl ... Read more

-
The Hacker News
SAP S/4HANA Critical Vulnerability CVE-2025-42957 Exploited in the Wild
Sep 05, 2025Ravie LakshmananVulnerability / Enterprise Security A critical security vulnerability impacting SAP S/4HANA, an Enterprise Resource Planning (ERP) software, has come under active exploit ... Read more

-
The Hacker News
CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited
Sep 04, 2025Ravie LakshmananVulnerability / Network Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting TP-Link wireless routers ... Read more

-
The Hacker News
CISA Adds TP-Link and WhatsApp Flaws to KEV Catalog Amid Active Exploitation
Sep 03, 2025Ravie LakshmananVulnerability / Mobile Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a high-severity security flaw impacting TP-Link TL-WA855 ... Read more

-
The Hacker News
⚡ Weekly Recap: WhatsApp 0-Day, Docker Bug, Salesforce Breach, Fake CAPTCHAs, Spyware App & More
Cybersecurity today is less about single attacks and more about chains of small weaknesses that connect into big risks. One overlooked update, one misused account, or one hidden tool in the wrong hand ... Read more

-
Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Docker Desktop Vulnerability Allowed Host Takeover on Windows, macOS
A critical vulnerability (CVE-2025-9074) in Docker Desktop for Windows and macOS was fixed. The flaw allowed a malicious container to escape and gain administrator access to the host computer. A secur ... Read more

-
The Register
Docker Desktop bug let containers hop the fence with barely a nudge
Docker has patched a critical hole in Docker Desktop that let a container break out and take control of the host machine with laughable ease. The bug, tracked as CVE-2025-9074 and scoring 9.3 on the C ... Read more

-
security.nl
Docker Desktop-lek geeft malafide containers toegang tot host-systeem
Een kritieke kwetsbaarheid in Docker Desktop maakt het mogelijk voor malafide containers om toegang tot het onderliggende host-systeem te krijgen. Het beveiligingslek (CVE-2025-9074) is vorige week me ... Read more

-
The Hacker News
Docker Fixes CVE-2025-9074, Critical Container Escape Vulnerability With CVSS Score 9.3
Aug 25, 2025Ravie LakshmananContainer Security / Vulnerability Docker has released fixes to address a critical security flaw affecting the Docker Desktop app for Windows and macOS that could potenti ... Read more

-
BleepingComputer
Critical Docker Desktop flaw lets attackers hijack Windows hosts
A critical vulnerability in Docker Desktop for Windows and macOS allows compromising the host by running a malicious container, even if the Enhanced Container Isolation (ECI) protection is active. The ... Read more

-
The Cyber Express
China-linked Silk Typhoon Hackers Target SaaS Providers, Zero Days
The China-linked advanced persistent threat (APT) group Silk Typhoon has shown a rare ability to compromise trusted relationships in the cloud. That’s one of the key takeaways from new research by Cro ... Read more

-
CybersecurityNews
Windows Docker Desktop Vulnerability Leads to Full Host Compromise
A newly disclosed vulnerability in Docker Desktop for Windows has revealed how a simple Server-Side Request Forgery (SSRF) attack could lead to complete host system compromise. CVE-2025-9074, discover ... Read more

-
The Cyber Express
70,000 WordPress Sites Exposed by Inspiro Theme Security Flaw
A critical security vulnerability, officially tracked as CVE-2025-8592, has been identified in the popular Inspiro WordPress theme. The flaw, affecting over 70,000 active installations, enables unauth ... Read more

-
The Cyber Express
CISA Warns of Critical ICS Flaws in Siemens, Tigo Energy, and EG4 Equipment
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) have released four new Industrial Control Systems (ICS) advisories. These advisories expose multiple vulnerabilities in widely used ICS ... Read more

-
The Cyber Express
Critical Vulnerability in Docker Desktop Allows Malicious Containers to Access Host System
A severe security vulnerability identified as CVE-2025-9074 has been discovered in Docker Desktop, exposing users to critical risks where malicious containers can gain unauthorized access to the host ... Read more

-
The Cyber Express
Apple Patches Zero-Day in iOS 18.6.2 After Targeted Exploits Involving Malicious Image Files
Apple on Wednesday released iPadOS/iOS 18.6.2, as a security update addressing a zero-day vulnerability— tracked as CVE-2025-43300. The company said, the bug has already been exploited in a sophistica ... Read more
The following table lists the changes that have been made to the
CVE-2025-9074
vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0
Aug. 25, 2025
Action Type Old Value New Value Added Reference https://blog.qwertysecurity.com/Articles/blog3 Added Reference https://pvotal.tech/breaking-dockers-isolation-using-docker-cve-2025-9074/ -
CVE Modified by af854a3a-2127-422b-91ae-364da2661108
Aug. 25, 2025
Action Type Old Value New Value Added Reference https://www.bleepingcomputer.com/news/security/critical-docker-desktop-flaw-lets-attackers-hijack-windows-hosts/ -
CVE Modified by af854a3a-2127-422b-91ae-364da2661108
Aug. 22, 2025
Action Type Old Value New Value Added Reference https://blog.qwertysecurity.com/Articles/blog3.html Added Reference https://pvotal.tech/breaking-dockers-isolation-using-docker-cve-2025-9074/ -
New CVE Received by [email protected]
Aug. 20, 2025
Action Type Old Value New Value Added Description A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. This vulnerability occurs with or without Enhanced Container Isolation (ECI) enabled, and with or without the "Expose daemon on tcp://localhost:2375 without TLS" option enabled. This can lead to execution of a wide range of privileged commands to the engine API, including controlling other containers, creating new ones, managing images etc. In some circumstances (e.g. Docker Desktop for Windows with WSL backend) it also allows mounting the host drive with the same privileges as the user running Docker Desktop. Added CVSS V4.0 AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Added CWE CWE-668 Added Reference https://docs.docker.com/desktop/release-notes/#4443