1. Home
  2. Vulnerabilities
  3. CVE-2025-9074
9.3
CRITICAL CVSS 4.0
CVE-2025-9074
Docker Desktop allows unauthenticated access to Docker Engine API from containers
Description

A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. This vulnerability occurs with or without Enhanced Container Isolation (ECI) enabled, and with or without the "Expose daemon on tcp://localhost:2375 without TLS" option enabled. This can lead to execution of a wide range of privileged commands to the engine API, including controlling other containers, creating new ones, managing images etc. In some circumstances (e.g. Docker Desktop for Windows with WSL backend) it also allows mounting the host drive with the same privileges as the user running Docker Desktop.

INFO

Published Date :

Aug. 20, 2025, 2:15 p.m.

Last Modified :

Aug. 22, 2025, 2:15 p.m.

Remotely Exploit :

No

Source :

[email protected]
Affected Products

The following products are affected by CVE-2025-9074 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Docker desktop
: Total Affected Vendor : 1 | Products : 1
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 4.0 CRITICAL [email protected]
Solution
Update Docker Desktop to mitigate container access to the Docker Engine API and associated risks.
  • Update Docker Desktop to the latest version.
  • Review and restrict container access to the Docker Engine API.
  • Disable the "Expose daemon on tcp://localhost:2375 without TLS" option.
  • Configure network isolation for containers.
Public PoC/Exploit Available at Github

CVE-2025-9074 has a 7 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2025-9074.

URL Resource
https://docs.docker.com/desktop/release-notes/#4443
https://blog.qwertysecurity.com/Articles/blog3.html
https://pvotal.tech/breaking-dockers-isolation-using-docker-cve-2025-9074/
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-9074 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-9074 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
j3r1ch0123/CVE-2025-9074

New vulnerability found in Docker. Credit for finding the vulnerability goes to Felix Boulet

Python

Updated: 4 days, 20 hours ago
1 stars 0 fork 0 watcher
Born at : Sept. 3, 2025, 6:46 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
semantic-honu/today-i-learned

A collection of things I learned today. 今日学んだことの記録。

Updated: 1 day, 23 hours ago
0 stars 0 fork 0 watcher
Born at : Aug. 27, 2025, 6:18 a.m. This repo has been linked 3 different CVEs too.
Profile Photo
zenzue/CVE-2025-9074

None

Python

Updated: 1 week, 1 day ago
7 stars 0 fork 0 watcher
Born at : Aug. 25, 2025, 7:36 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
lgturatti/techdrops

News about technology and digital stuff

Updated: 4 days, 11 hours ago
0 stars 0 fork 0 watcher
Born at : Nov. 4, 2024, 1:06 p.m. This repo has been linked 16 different CVEs too.
Profile Photo
WoodManGitHub/CVE-Research

None

Batchfile Rust Dockerfile Shell Python

Updated: 2 weeks, 1 day ago
0 stars 0 fork 0 watcher
Born at : April 11, 2024, 2:26 a.m. This repo has been linked 3 different CVEs too.
Profile Photo
0xsyr0/OSCP

OSCP Cheat Sheet

oscp oscp-guide cheat-sheet cheatsheet offensive offensive-security offsec penetration-testing pentesting security oscp-plus

Python Shell C PHP PowerShell ASP.NET

Updated: 2 days, 15 hours ago
3413 stars 706 fork 706 watcher
Born at : Oct. 22, 2021, 9:36 a.m. This repo has been linked 74 different CVEs too.
Profile Photo
nomi-sec/PoC-in-GitHub

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

security cve exploit poc vulnerability

Updated: 12 hours, 21 minutes ago
7257 stars 1200 fork 1200 watcher
Born at : Dec. 8, 2019, 1:03 p.m. This repo has been linked 811 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2025-9074 vulnerability anywhere in the article.

  • The Hacker News
CISA Orders Immediate Patch of Critical Sitecore Vulnerability Under Active Exploitation

Federal Civilian Executive Branch (FCEB) agencies are being advised to update their Sitecore instances by September 25, 2025, following the discovery of a security flaw that has come under active expl ... Read more

Published Date: Sep 05, 2025 (4 days, 14 hours ago)
  • The Hacker News
SAP S/4HANA Critical Vulnerability CVE-2025-42957 Exploited in the Wild

Sep 05, 2025Ravie LakshmananVulnerability / Enterprise Security A critical security vulnerability impacting SAP S/4HANA, an Enterprise Resource Planning (ERP) software, has come under active exploit ... Read more

Published Date: Sep 05, 2025 (4 days, 20 hours ago)
  • The Hacker News
CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited

Sep 04, 2025Ravie LakshmananVulnerability / Network Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting TP-Link wireless routers ... Read more

Published Date: Sep 04, 2025 (5 days, 20 hours ago)
  • The Hacker News
CISA Adds TP-Link and WhatsApp Flaws to KEV Catalog Amid Active Exploitation

Sep 03, 2025Ravie LakshmananVulnerability / Mobile Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a high-severity security flaw impacting TP-Link TL-WA855 ... Read more

Published Date: Sep 03, 2025 (1 week ago)
  • The Hacker News
⚡ Weekly Recap: WhatsApp 0-Day, Docker Bug, Salesforce Breach, Fake CAPTCHAs, Spyware App & More

Cybersecurity today is less about single attacks and more about chains of small weaknesses that connect into big risks. One overlooked update, one misused account, or one hidden tool in the wrong hand ... Read more

Published Date: Sep 01, 2025 (1 week, 1 day ago)
  • Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Docker Desktop Vulnerability Allowed Host Takeover on Windows, macOS

A critical vulnerability (CVE-2025-9074) in Docker Desktop for Windows and macOS was fixed. The flaw allowed a malicious container to escape and gain administrator access to the host computer. A secur ... Read more

Published Date: Aug 27, 2025 (1 week, 6 days ago)
  • The Register
Docker Desktop bug let containers hop the fence with barely a nudge

Docker has patched a critical hole in Docker Desktop that let a container break out and take control of the host machine with laughable ease. The bug, tracked as CVE-2025-9074 and scoring 9.3 on the C ... Read more

Published Date: Aug 26, 2025 (2 weeks ago)
  • security.nl
Docker Desktop-lek geeft malafide containers toegang tot host-systeem

Een kritieke kwetsbaarheid in Docker Desktop maakt het mogelijk voor malafide containers om toegang tot het onderliggende host-systeem te krijgen. Het beveiligingslek (CVE-2025-9074) is vorige week me ... Read more

Published Date: Aug 26, 2025 (2 weeks ago)
  • The Hacker News
Docker Fixes CVE-2025-9074, Critical Container Escape Vulnerability With CVSS Score 9.3

Aug 25, 2025Ravie LakshmananContainer Security / Vulnerability Docker has released fixes to address a critical security flaw affecting the Docker Desktop app for Windows and macOS that could potenti ... Read more

Published Date: Aug 25, 2025 (2 weeks, 1 day ago)
  • BleepingComputer
Critical Docker Desktop flaw lets attackers hijack Windows hosts

A critical vulnerability in Docker Desktop for Windows and macOS allows compromising the host by running a malicious container, even if the Enhanced Container Isolation (ECI) protection is active. The ... Read more

Published Date: Aug 25, 2025 (2 weeks, 1 day ago)
  • The Cyber Express
China-linked Silk Typhoon Hackers Target SaaS Providers, Zero Days

The China-linked advanced persistent threat (APT) group Silk Typhoon has shown a rare ability to compromise trusted relationships in the cloud. That’s one of the key takeaways from new research by Cro ... Read more

Published Date: Aug 22, 2025 (2 weeks, 4 days ago)
  • CybersecurityNews
Windows Docker Desktop Vulnerability Leads to Full Host Compromise

A newly disclosed vulnerability in Docker Desktop for Windows has revealed how a simple Server-Side Request Forgery (SSRF) attack could lead to complete host system compromise. CVE-2025-9074, discover ... Read more

Published Date: Aug 22, 2025 (2 weeks, 4 days ago)
  • The Cyber Express
70,000 WordPress Sites Exposed by Inspiro Theme Security Flaw

A critical security vulnerability, officially tracked as CVE-2025-8592, has been identified in the popular Inspiro WordPress theme. The flaw, affecting over 70,000 active installations, enables unauth ... Read more

Published Date: Aug 22, 2025 (2 weeks, 4 days ago)
  • The Cyber Express
CISA Warns of Critical ICS Flaws in Siemens, Tigo Energy, and EG4 Equipment

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) have released four new Industrial Control Systems (ICS) advisories. These advisories expose multiple vulnerabilities in widely used ICS ... Read more

Published Date: Aug 22, 2025 (2 weeks, 4 days ago)
  • The Cyber Express
Critical Vulnerability in Docker Desktop Allows Malicious Containers to Access Host System

A severe security vulnerability identified as CVE-2025-9074 has been discovered in Docker Desktop, exposing users to critical risks where malicious containers can gain unauthorized access to the host ... Read more

Published Date: Aug 21, 2025 (2 weeks, 5 days ago)
  • The Cyber Express
Apple Patches Zero-Day in iOS 18.6.2 After Targeted Exploits Involving Malicious Image Files

Apple on Wednesday released iPadOS/iOS 18.6.2, as a security update addressing a zero-day vulnerability— tracked as CVE-2025-43300. The company said, the bug has already been exploited in a sophistica ... Read more

Published Date: Aug 21, 2025 (2 weeks, 5 days ago)

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2025-9074 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Aug. 25, 2025

    Action Type Old Value New Value
    Added Reference https://blog.qwertysecurity.com/Articles/blog3
    Added Reference https://pvotal.tech/breaking-dockers-isolation-using-docker-cve-2025-9074/
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Aug. 25, 2025

    Action Type Old Value New Value
    Added Reference https://www.bleepingcomputer.com/news/security/critical-docker-desktop-flaw-lets-attackers-hijack-windows-hosts/
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Aug. 22, 2025

    Action Type Old Value New Value
    Added Reference https://blog.qwertysecurity.com/Articles/blog3.html
    Added Reference https://pvotal.tech/breaking-dockers-isolation-using-docker-cve-2025-9074/
  • New CVE Received by [email protected]

    Aug. 20, 2025

    Action Type Old Value New Value
    Added Description A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. This vulnerability occurs with or without Enhanced Container Isolation (ECI) enabled, and with or without the "Expose daemon on tcp://localhost:2375 without TLS" option enabled. This can lead to execution of a wide range of privileged commands to the engine API, including controlling other containers, creating new ones, managing images etc. In some circumstances (e.g. Docker Desktop for Windows with WSL backend) it also allows mounting the host drive with the same privileges as the user running Docker Desktop.
    Added CVSS V4.0 AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
    Added CWE CWE-668
    Added Reference https://docs.docker.com/desktop/release-notes/#4443
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
Base CVSS Score: 9.3
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability