Red Hot Cyber


Critical vulnerability in Docker Desktop: host system compromise

Redazione RHC : 27 August 2025 14:36

A critical vulnerability in the desktop version of Docker for Windows and macOS allowed a host system to be compromised by running a malicious container, even with Enhanced Container Isolation (ECI) protection enabled.

The vulnerability has been assigned the identifier CVE-2025-9074 (CVSS score 9.3) and is a server-side request forgery (SSRF) bug. The issue has been fixed in version 4.44.3.

“A malicious container running in Docker Desktop could access the Docker Engine and launch additional containers without mounting a Docker socket,” Docker developers explain in a security bulletin. “This could lead to unauthorized access to user files on the host system. Enhanced Container Isolation (ECI) does not protect against this vulnerability.”

Security specialist Felix Boulet, who discovered the vulnerability, claimed that it was possible to contact the Docker Engine API without authentication using the address http://192.168.65[.]7:2375/ from within any running container.

The expert demonstrated creating and starting a new container that maps the C: drive of a Windows host into the container’s file system using two HTTP POST requests sent with wget. Boulet’s proof-of-concept exploit doesn’t require permissions to run code inside the container.

Philippe Dugre, DevSecOps engineer at Pvotal Technologies and designer of the NorthSec security conference challenge, confirmed that the vulnerability affects the desktop version of Docker for Windows and macOS, but not the Linux version.

According to Dugre, the vulnerability is less dangerous on macOS thanks to the operating system’s protection mechanisms. For example, he was able to create a file in the Windows user’s home directory, but this isn’t possible on macOS without the user’s permission.

“On Windows, because Docker Engine runs via WSL2, an attacker can mount the entire file system as root, read any file, and eventually overwrite a system DLL to elevate privileges to the root level of the host system,” Dugre writes. “However, on macOS, the Docker Desktop app still maintains some level of isolation, and attempting to mount a user directory requires the user’s permission. By default, the app doesn’t have access to the rest of the file system and doesn’t run with root privileges, making the host more secure than Windows.”

The researcher noted that malicious activity is also possible on macOS, as the attacker has complete control over the application and containers, which poses the risk of creating backdoors or modifying the configuration without authorization.
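The two things a defender can act on from this report are the fixed release (4.44.3) and the shape of the abuse: a container created with a bind mount of a host drive root. The script below is an added example, not code from the article, from Docker, or from the researchers quoted; it checks a Docker Desktop version string against the fixed release and scans `docker inspect` output for containers whose bind mounts expose a host drive root. The `/host_mnt/<drive>` path layout used for Docker Desktop on Windows and the sample inspect records are assumptions constructed for the example.

```python
import json
import re

# Docker Desktop release that fixes CVE-2025-9074 (per the article).
FIXED_VERSION = (4, 44, 3)

# Bind-mount sources that hand a container the whole host (or VM) filesystem.
# The /host_mnt/<drive> layout for Docker Desktop on Windows is an assumption.
_HOST_ROOT_PATTERNS = [
    re.compile(r"^/$"),                      # raw root of the VM/host
    re.compile(r"^/host_mnt/[A-Za-z]/?$"),   # Windows drive root as seen from WSL2 (assumed)
    re.compile(r"^[A-Za-z]:[\\/]?$"),        # C:\ style drive root
]

# HostConfig.Binds entries look like "src:dst[:opts]"; a Windows src ("C:\")
# itself contains a colon, so the first alternative handles drive letters.
_BIND_RE = re.compile(r"^([A-Za-z]:[\\/][^:]*|[^:]+):([^:]+)")


def parse_version(version: str) -> tuple:
    """Turn '4.44.3', 'v4.44.3' or '4.44.3-xyz' into a comparable (major, minor, patch)."""
    core = version.strip().lstrip("vV").split("-", 1)[0].split("+", 1)[0]
    nums = []
    for part in core.split(".")[:3]:
        m = re.match(r"\d+", part)
        if not m:
            raise ValueError(f"unparseable version: {version!r}")
        nums.append(int(m.group()))
    while len(nums) < 3:
        nums.append(0)
    return tuple(nums)


def is_fixed(version: str) -> bool:
    """True if the given Docker Desktop version already contains the fix."""
    return parse_version(version) >= FIXED_VERSION


def mounts_host_root(source: str) -> bool:
    return any(p.match(source) for p in _HOST_ROOT_PATTERNS)


def suspicious_containers(inspect_json: str) -> list:
    """Return (container, source, destination) for every bind mount of a host drive root.

    Input is the JSON array printed by `docker inspect <id> [<id>...]`.
    Both the normalised Mounts list and the raw HostConfig.Binds are checked,
    and duplicates between the two are collapsed.
    """
    findings = []
    seen = set()
    for c in json.loads(inspect_json):
        name = c.get("Name", "").lstrip("/")
        candidates = []
        for m in c.get("Mounts") or []:
            if m.get("Type") == "bind":
                candidates.append((m.get("Source", ""), m.get("Destination", "")))
        for b in (c.get("HostConfig") or {}).get("Binds") or []:
            bm = _BIND_RE.match(b)
            if bm:
                candidates.append((bm.group(1), bm.group(2)))
        for src, dst in candidates:
            key = (name, src, dst)
            if mounts_host_root(src) and key not in seen:
                seen.add(key)
                findings.append(key)
    return findings


# Constructed sample of `docker inspect` output: a named volume (benign),
# a project-directory bind (benign) and a bind of the whole C: drive.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/web",
     "Mounts": [{"Type": "volume", "Name": "webdata",
                 "Source": "/var/lib/docker/volumes/webdata/_data", "Destination": "/data"}],
     "HostConfig": {"Binds": None}},
    {"Name": "/static-site",
     "Mounts": [{"Type": "bind", "Source": "/home/dev/site",
                 "Destination": "/usr/share/nginx/html"}],
     "HostConfig": {"Binds": ["/home/dev/site:/usr/share/nginx/html:ro"]}},
    {"Name": "/untrusted-job",
     "Mounts": [{"Type": "bind", "Source": "/host_mnt/c", "Destination": "/mnt/host"}],
     "HostConfig": {"Binds": ["/host_mnt/c:/mnt/host"]}},
])

if __name__ == "__main__":
    for v in ("4.44.2", "4.44.3"):
        print(f"Docker Desktop {v}: {'fixed' if is_fixed(v) else 'VULNERABLE, upgrade'}")
    for name, src, dst in suspicious_containers(SAMPLE_INSPECT):
        print(f"container {name!r} bind-mounts host root {src!r} at {dst!r}")
```

Run it against real data with `docker inspect $(docker ps -q)` piped into `suspicious_containers`; any hit is a container that can read and write the host drive regardless of which code path created it, which is exactly the outcome the fixed release prevents an SSRF from producing.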

Redazione
The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.
