CVE-2025-9074: Docker Desktop Critical Host Compromise Vulnerability

Vulnerability Overview

CVE ID: CVE-2025-9074
CVSS Score: 9.3 (Critical)
Affected Versions: Docker Desktop < 4.44.3
Platforms: Windows and macOS Docker Desktop installations
Fixed Version: Docker Desktop 4.44.3 (released July 3, 2025)
Discovery: Mattia "0xbro" Brollo

Technical Details

Root Cause

• Docker Desktop exposes Docker Engine API to any running container without authentication
• API endpoint accessible at predictable locations (typically 192.168.65.7:2375 on Windows, Unix socket on macOS)
• No special container privileges or capabilities required for exploitation

Attack Vector

• Type: Server-Side Request Forgery (SSRF) escalating to Remote Code Execution (RCE)
• Complexity: Trivial - requires only ability to make HTTP requests from within container
• Authentication: None required - automatic authentication to Docker daemon

Exploitation Capabilities

What Attackers Can Do

• Create new containers with host filesystem mounts (-v /:/host)
• Pull and execute arbitrary Docker images
• Access sensitive host files and directories
• Install persistence mechanisms
• Pivot to other containers on same host
• Execute commands with system-level privileges

Exploitation Requirements

• Minimal: Any running container with network access
• No Requirements:
  • No privileged container flags needed
  • No special capabilities required
  • No kernel exploits needed
  • No specific configurations required

Impact Assessment

Severity Indicators

• Complete container isolation bypass: Full host compromise from any container
• Default configuration vulnerability: Affects standard Docker Desktop installations
• Zero-effort exploitation: Described as "one of the most trivial container escape vulnerabilities ever discovered"

Affected Environments

• Individual developer machines
• CI/CD pipelines using Docker Desktop
• Local development environments
• Testing environments
• Any system running Docker Desktop < 4.44.3

Detection Methods

Version Check

docker version

• Vulnerable: Any version before 4.44.3
• Safe: Version 4.44.3 or later

Compromise Indicators

# Check for suspicious container activity
docker logs
docker image ls

Look for:

• Containers created with host mounts (-v /:/host)
• Containers with privileged flags (--privileged)
• Unrecognized containers or images
• Images pulled without authorization

Post-Exploitation Evidence

• Unusual processes running on host
• Unexpected network connections
• Modified system files
• New user accounts or SSH keys

Mitigation and Response

Immediate Actions Required

1. Update immediately: Download Docker Desktop 4.44.3+ from docker.com
2. Verify installation: Run docker version to confirm 4.44.3+
3. Restart Docker Desktop: Complete the update process

No Workarounds Available

• Critical: No configuration changes can fix this vulnerability
• Alternative: Stop using Docker Desktop until update possible
• Temporary Solution: Use Linux VM with Docker Engine if containerization required

Post-Compromise Response

1. Assume compromise: If vulnerable version was used with untrusted containers
2. Full system scan: Check for malware and unauthorized access
3. Review sensitive data: Audit what may have been accessed
4. Monitor for persistence: Check for backdoors or unauthorized accounts

Operational Intelligence

Why This Vulnerability Is Exceptional

• Trivial exploitation: Requires only HTTP request capability
• No prerequisites: Works with default Docker Desktop configuration
• Universal impact: Affects all containers, not just privileged ones
• Perfect reliability: No race conditions or timing dependencies

Comparison to Other Container Escapes

• Traditional escapes: Require specific configurations, privileged containers, or kernel exploits
• CVE-2025-9074: Requires literally nothing beyond running a container

Resource Requirements for Exploitation

• Attacker skill level: Minimal - basic HTTP request knowledge
• Time to exploit: Seconds to minutes
• Tools required: Standard container networking capabilities

Decision Criteria

Update Priority: CRITICAL

• Immediate action required: No delay acceptable
• Business impact: Complete host compromise possible
• Effort to fix: Minimal - simple software update

Risk Assessment Without Update

• Probability of exploitation: High (trivial to execute)
• Impact severity: Maximum (full host compromise)
• Detectability: Low (exploitation leaves minimal traces)

Configuration Recommendations

Production Hardening

• Never use Docker Desktop in production environments
• Use proper Docker Engine on Linux for production workloads
• Implement network segmentation for development environments
• Regular vulnerability scanning for container platforms

Development Environment Security

• Keep Docker Desktop updated automatically
• Avoid running untrusted containers
• Use separate development machines for sensitive work
• Monitor container activity in development pipelines

Critical Warnings

What Documentation Doesn't Tell You

• Default Docker Desktop configuration is inherently vulnerable in affected versions
• Container isolation is completely broken, not just weakened
• Any container interaction should be considered potential host compromise

Breaking Points

• Trust boundary: Complete failure between container and host
• Isolation model: Fundamental breakdown of Docker's security promise
• Supply chain: Any compromised container can compromise entire host

Community Assessment

• Security community considers this a "fundamental failure in Docker's isolation model"
• Represents complete breakdown of container security boundary
• Described as containerization's "equivalent of leaving your front door wide open"