Critical Docker Desktop SSRF Vulnerability Exploitable via Malicious Containers
Summary
A critical server-side request forgery (SSRF) vulnerability in Docker Desktop for Windows and macOS, tracked as CVE-2025-9074 (CVSS 9.3), lets a malicious container reach the Docker Engine API without authentication and use it to compromise the host. The flaw works even with Enhanced Container Isolation (ECI) enabled. Because an exposed Engine API grants everything Docker itself can do, an attacker can mount the host's file system into a container, read user files on the host, modify the file system to escalate to administrator privileges, and take full control of the Docker application and its other containers. Security researcher Felix Boulet discovered the flaw and demonstrated a proof-of-concept (PoC) exploit that does not require code execution rights inside the container: an SSRF flaw in an application running in a container is enough to proxy the attacker's requests to the Docker socket. Docker Desktop for Linux is not affected. The issue was responsibly disclosed to Docker, which fixed it in Docker Desktop 4.44.3.
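The exposure the summary describes is a plain, credential-free HTTP endpoint, so the first thing a practitioner wants is a read-only check that tells them whether it answers from inside a container. The script below is an added example, not code from the page, from Docker or from the researcher. It sends an unauthenticated GET /version, which proves reachability without creating or touching anything. The default target address is the internal Docker Desktop address named in the public write-ups of this flaw and is an assumption about your setup; override it if your Desktop network differs. The stand-in server and its version strings are constructed so the example also runs offline.

```python
import json
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumption: the internal address at which Docker Desktop's Engine API was reachable from
# containers in the public write-ups of CVE-2025-9074. Override it for your own setup.
DEFAULT_TARGET = ("192.168.65.7", 2375)

# Ignore HTTP(S)_PROXY from the container environment: the point is to test the direct path.
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def probe_docker_api(host: str, port: int, timeout: float = 2.0) -> dict:
    """Issue an unauthenticated GET /version to a Docker Engine API endpoint.

    /version is read-only, so the probe proves reachability without touching
    any container or host file. If it answers, anything in this container can
    drive the engine (create containers, add bind mounts, and so on).
    """
    url = f"http://{host}:{port}/version"
    try:
        with _OPENER.open(url, timeout=timeout) as resp:
            body = json.loads(resp.read().decode("utf-8"))
    except (OSError, ValueError) as exc:  # URLError/timeouts are OSError; bad JSON is ValueError
        return {"reachable": False, "engine_version": None, "api_version": None, "error": str(exc)}
    return {
        "reachable": True,
        "engine_version": body.get("Version"),
        "api_version": body.get("ApiVersion"),
        "error": None,
    }


class _FakeEngine(BaseHTTPRequestHandler):
    """Stand-in for an exposed Engine API so the example runs offline.
    The version strings are constructed, not taken from a real Docker Desktop."""

    def do_GET(self):
        if self.path != "/version":
            self.send_error(404)
            return
        payload = json.dumps({"Version": "28.3.2", "ApiVersion": "1.51", "Os": "linux"}).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)

    def log_message(self, *_):  # silence per-request logging
        pass


def start_fake_engine() -> tuple:
    """Start the stand-in on a free loopback port; returns (server, port)."""
    srv = HTTPServer(("127.0.0.1", 0), _FakeEngine)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]


def demo() -> tuple:
    """Probe the stand-in while it is up (exposed) and after it is closed (not reachable)."""
    srv, port = start_fake_engine()
    try:
        exposed = probe_docker_api("127.0.0.1", port)
    finally:
        srv.shutdown()
        srv.server_close()
    closed = probe_docker_api("127.0.0.1", port, timeout=1.0)
    return exposed, closed


if __name__ == "__main__":
    # Inside a container on Docker Desktop, a "reachable" result here is the exposure the CVE describes.
    print("live probe:", probe_docker_api(*DEFAULT_TARGET))
    exposed, closed = demo()
    print("offline demo (exposed):", exposed)
    print("offline demo (closed): ", closed)
```

Run it as a script from inside any container on the Desktop in question; a reachable result with an engine version is the condition the snippets below describe, and the fix is to update Docker Desktop rather than to firewall the address, since the internal network is not under the container's control.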
Timeline
- 25.08.2025 18:11 · 3 articles
Docker Desktop SSRF Vulnerability Exploitable via Malicious Containers
This article adds detail on how CVE-2025-9074 is exploited and what it yields. The flaw works regardless of the Enhanced Container Isolation (ECI) setting, and it is easy to exploit once the preconditions are met: Docker Desktop on Windows or macOS, and a container (or an SSRF-able application inside one) from which the Docker Engine API is reachable. An exposed Docker Engine socket grants everything the Docker application itself can do, so an attacker can mount the host's file system into a container and modify it. On Windows, that is enough to overwrite a system DLL and obtain administrator privileges on the host. On macOS, the flaw can be used to take full control of other containers or to backdoor the Docker app by modifying its configuration.
Sources:
- Critical Docker Desktop flaw lets attackers hijack Windows hosts — www.bleepingcomputer.com — 25.08.2025 18:11
- Docker Fixes CVE-2025-9074, Critical Container Escape Vulnerability With CVSS Score 9.3 — thehackernews.com — 25.08.2025 20:53
- Docker Desktop Vulnerability Leads to Host Compromise — www.securityweek.com — 26.08.2025 14:24
Information Snippets
- The vulnerability, CVE-2025-9074, is a server-side request forgery (SSRF) with a CVSS score of 9.3 (critical).
  First reported: 25.08.2025 18:11 · 3 sources, 3 articles. Sources:
- Critical Docker Desktop flaw lets attackers hijack Windows hosts — www.bleepingcomputer.com — 25.08.2025 18:11
- Docker Fixes CVE-2025-9074, Critical Container Escape Vulnerability With CVSS Score 9.3 — thehackernews.com — 25.08.2025 20:53
- Docker Desktop Vulnerability Leads to Host Compromise — www.securityweek.com — 26.08.2025 14:24
- The flaw allows a malicious container to access the Docker Engine API without authentication.
  First reported: 25.08.2025 18:11 · 3 sources, 3 articles. Sources:
- Critical Docker Desktop flaw lets attackers hijack Windows hosts — www.bleepingcomputer.com — 25.08.2025 18:11
- Docker Fixes CVE-2025-9074, Critical Container Escape Vulnerability With CVSS Score 9.3 — thehackernews.com — 25.08.2025 20:53
- Docker Desktop Vulnerability Leads to Host Compromise — www.securityweek.com — 26.08.2025 14:24
- The exploit can bind the Windows host's C: drive into the container's filesystem.
  First reported: 25.08.2025 18:11 · 3 sources, 3 articles. Sources:
- Critical Docker Desktop flaw lets attackers hijack Windows hosts — www.bleepingcomputer.com — 25.08.2025 18:11
- Docker Fixes CVE-2025-9074, Critical Container Escape Vulnerability With CVSS Score 9.3 — thehackernews.com — 25.08.2025 20:53
- Docker Desktop Vulnerability Leads to Host Compromise — www.securityweek.com — 26.08.2025 14:24
- The vulnerability affects Docker Desktop for Windows and macOS but not the Linux version.
  First reported: 25.08.2025 18:11 · 3 sources, 3 articles. Sources:
- Critical Docker Desktop flaw lets attackers hijack Windows hosts — www.bleepingcomputer.com — 25.08.2025 18:11
- Docker Fixes CVE-2025-9074, Critical Container Escape Vulnerability With CVSS Score 9.3 — thehackernews.com — 25.08.2025 20:53
- Docker Desktop Vulnerability Leads to Host Compromise — www.securityweek.com — 26.08.2025 14:24
- The PoC exploit consists of just three lines of Python code.
  First reported: 25.08.2025 18:11 · 2 sources, 2 articles. Sources:
- Critical Docker Desktop flaw lets attackers hijack Windows hosts — www.bleepingcomputer.com — 25.08.2025 18:11
- Docker Desktop Vulnerability Leads to Host Compromise — www.securityweek.com — 26.08.2025 14:24
- The vulnerability was patched in Docker Desktop version 4.44.3.
  First reported: 25.08.2025 18:11 · 3 sources, 3 articles. Sources:
- Critical Docker Desktop flaw lets attackers hijack Windows hosts — www.bleepingcomputer.com — 25.08.2025 18:11
- Docker Fixes CVE-2025-9074, Critical Container Escape Vulnerability With CVSS Score 9.3 — thehackernews.com — 25.08.2025 20:53
- Docker Desktop Vulnerability Leads to Host Compromise — www.securityweek.com — 26.08.2025 14:24
- The vulnerability can be exploited through an SSRF flaw in an application running inside a container: the vulnerable application proxies the attacker's requests to the Docker Engine API, so no code execution in the container is needed.
  First reported: 25.08.2025 20:53 · 2 sources, 2 articles. Sources:
- Docker Fixes CVE-2025-9074, Critical Container Escape Vulnerability With CVSS Score 9.3 — thehackernews.com — 25.08.2025 20:53
- Docker Desktop Vulnerability Leads to Host Compromise — www.securityweek.com — 26.08.2025 14:24
- The vulnerability allows attackers to mount the host's file system into a container and modify it; on Windows this escalates privileges to those of an administrator.
  First reported: 26.08.2025 14:24 · 1 source, 1 article. Sources:
- Docker Desktop Vulnerability Leads to Host Compromise — www.securityweek.com — 26.08.2025 14:24
- The flaw can be exploited regardless of whether Enhanced Container Isolation (ECI) is enabled.
  First reported: 26.08.2025 14:24 · 1 source, 1 article. Sources:
- Docker Desktop Vulnerability Leads to Host Compromise — www.securityweek.com — 26.08.2025 14:24
- The Docker Engine socket, if exposed, grants full access to everything the Docker application can do.
  First reported: 26.08.2025 14:24 · 1 source, 1 article. Sources:
- Docker Desktop Vulnerability Leads to Host Compromise — www.securityweek.com — 26.08.2025 14:24
- On Windows, the flaw can be exploited to overwrite a system DLL and obtain administrative privileges on the host.
  First reported: 26.08.2025 14:24 · 1 source, 1 article. Sources:
- Docker Desktop Vulnerability Leads to Host Compromise — www.securityweek.com — 26.08.2025 14:24
- On macOS, the flaw can be exploited to take full control of other containers or to backdoor the Docker app by modifying its configuration.
  First reported: 26.08.2025 14:24 · 1 source, 1 article. Sources:
- Docker Desktop Vulnerability Leads to Host Compromise — www.securityweek.com — 26.08.2025 14:24
- The vulnerability is easy to exploit, but it requires Docker Desktop on Windows or macOS and a foothold in a container (or an SSRF flaw in a containerised application) from which the Docker Engine socket is reachable.
  First reported: 26.08.2025 14:24 · 1 source, 1 article. Sources:
- Docker Desktop Vulnerability Leads to Host Compromise — www.securityweek.com — 26.08.2025 14:24
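The host-root bind mount the snippets describe (the C: drive bound into a container on Windows; a plain / on other platforms) is also what exploitation leaves behind in the engine's own records, so it is something an incident responder can look for. The audit below is an added example, not code from the page or from Docker: it walks `docker inspect` style records, flags any container bound to a host root or running privileged, and checks a Docker Desktop version string against the 4.44.3 fix the page reports. The three container records are constructed for the example, and the drive-root spellings it recognises (`C:\`, `/c`, `/host_mnt/c`) are assumptions about how Docker Desktop reports Windows drives; extend the patterns for your own environment.

```python
import json
import re

# Docker Desktop release that fixes CVE-2025-9074, as stated on the page.
FIXED_DESKTOP_VERSION = (4, 44, 3)

# Bind sources that hand a container the whole host filesystem.
# Assumption: Docker Desktop reports Windows drives as C:\, C:/, /c, //c or /host_mnt/c.
_WIN_DRIVE_ROOT = re.compile(r"^[A-Za-z]:[\\/]*$")
_POSIX_DRIVE_ROOT = re.compile(r"^/{1,2}(host_mnt/)?[A-Za-z]/?$")
# HostConfig.Binds entries are "src:dst[:opts]"; a Windows src itself contains a colon.
_BIND_SPEC = re.compile(r"^(?P<src>[A-Za-z]:[^:]*|[^:]*):(?P<dst>[^:]+)(?::(?P<opts>[^:]+))?$")


def desktop_is_patched(version: str) -> bool:
    """True when a Docker Desktop version string is 4.44.3 or later.
    A truncated string such as "4.44" compares below the fix and is reported unpatched."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version)[:3])
    return parts >= FIXED_DESKTOP_VERSION


def parse_bind(spec: str):
    """Split a Binds entry into (source, destination); None if it is not a bind spec."""
    m = _BIND_SPEC.match(spec)
    return (m.group("src"), m.group("dst")) if m else None


def is_host_root(source: str) -> bool:
    """Does this bind source expose the entire host filesystem or a whole drive?"""
    s = source.strip()
    return s == "/" or bool(_WIN_DRIVE_ROOT.match(s)) or bool(_POSIX_DRIVE_ROOT.match(s))


def audit_container(record: dict) -> list:
    """Return human-readable findings for one `docker inspect` record."""
    name = record.get("Name", "<unnamed>")
    host_cfg = record.get("HostConfig") or {}
    findings, seen = [], set()
    # HostConfig.Binds is what the API caller asked for ...
    for spec in host_cfg.get("Binds") or []:
        parsed = parse_bind(spec)
        if parsed and is_host_root(parsed[0]) and parsed[1] not in seen:
            seen.add(parsed[1])
            findings.append(f"{name}: bind '{spec}' exposes the host root at {parsed[1]}")
    # ... and Mounts is the engine's resolved view; check both, report each destination once.
    for mnt in record.get("Mounts") or []:
        dst = mnt.get("Destination")
        if mnt.get("Type") == "bind" and is_host_root(mnt.get("Source", "")) and dst not in seen:
            seen.add(dst)
            findings.append(f"{name}: bind mount of host root {mnt['Source']} at {dst}")
    if host_cfg.get("Privileged"):
        findings.append(f"{name}: privileged container")
    return findings


def audit_all(records) -> dict:
    """Map container name -> findings, for `docker inspect $(docker ps -aq)` output."""
    return {r.get("Name", "<unnamed>"): audit_container(r) for r in records}


# Constructed sample, shaped like `docker inspect` output on Docker Desktop for Windows.
SAMPLE_INSPECT = [
    {"Name": "/web",
     "HostConfig": {"Binds": ["app-data:/var/lib/app"], "Privileged": False},
     "Mounts": [{"Type": "volume", "Name": "app-data",
                 "Source": "/var/lib/docker/volumes/app-data/_data", "Destination": "/var/lib/app"}]},
    {"Name": "/escape",  # the shape the page's C:-drive bind would leave behind
     "HostConfig": {"Binds": ["C:\\:/host_root"], "Privileged": False},
     "Mounts": [{"Type": "bind", "Source": "/host_mnt/c", "Destination": "/host_root"}]},
    {"Name": "/build",  # a project-directory bind is normal; privileged is worth a look
     "HostConfig": {"Binds": ["C:\\Users\\dev\\proj:/src"], "Privileged": True},
     "Mounts": [{"Type": "bind", "Source": "/host_mnt/c/Users/dev/proj", "Destination": "/src"}]},
]


if __name__ == "__main__":
    print(json.dumps(audit_all(SAMPLE_INSPECT), indent=2))
    for v in ("4.44.2", "4.44.3", "4.45.0"):
        print(f"Docker Desktop {v}: {'patched' if desktop_is_patched(v) else 'VULNERABLE'}")
```

Feed it real data with `docker inspect $(docker ps -aq)` piped into `json.load`; the same two checks (host root bound into a container, privileged flag) are also the fields to alert on from the Engine API's `/events` stream, since a container created through the exposed API is still a container the engine records.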
Similar Happenings
ShadowV2 Botnet Exploits Misconfigured AWS Docker Containers for DDoS Attacks
The ShadowV2 botnet targets misconfigured Docker containers on Amazon Web Services (AWS) to deploy a Go-based malware, turning infected systems into nodes for a distributed denial-of-service (DDoS) botnet. This botnet is available for rent to conduct DDoS attacks, employing advanced techniques such as HTTP/2 Rapid Reset and bypassing Cloudflare's Under Attack mode. The botnet was detected on June 24, 2025, and is believed to be part of a DDoS-for-Hire service. The botnet uses a Python-based C2 framework hosted on GitHub Codespaces and a Go-based remote access trojan (RAT) for command execution and communication. The malware first spawns a generic setup container from an Ubuntu image, installs necessary tools, and then builds and deploys a live container. This approach may help avoid leaving forensic artifacts on the victim machine. The malware communicates with a C2 server to receive commands and conduct attacks. The botnet's dynamic container deployment allows highly configurable attacks while concealing activity behind cloud-native architecture. The botnet targets 24,000 IP addresses with port 2375 open, though not all are exploitable. The malware sends a heartbeat signal to the C2 server every second and polls for new attack commands every five seconds. The botnet is actively used, with observed commands to launch attacks against at least one website.
Misconfigured Docker APIs Exploited in TOR-Based Cryptojacking Campaign
A new variant of a TOR-based cryptojacking campaign targets exposed Docker APIs. The attack involves executing a new container based on the Alpine Docker image and mounting the host file system. The attackers then run a Base64-encoded payload to download a shell script downloader from a .onion domain. The script installs tools for reconnaissance and communication with a command-and-control (C2) server. The campaign may aim to establish a complex botnet. The attack chain includes exploiting additional ports (23, 9222) and using known default credentials for brute-forcing logins. The malware scans for open Docker API services at port 2375 and propagates the infection to those machines. The attackers block external access to port 2375 using available firewall utilities and install persistent SSH access. The malware includes dormant logic for future expansion opportunities for credential theft, browser session hijacking, remote file download, and distributed denial-of-service (DDoS) attacks. The campaign highlights the importance of securing Docker APIs and limiting exposure of services to the internet.
FreePBX Zero-Day Exploited in the Wild, Emergency Patch Released
A zero-day vulnerability in FreePBX (CVE-2025-57819) is actively exploited in the wild. The flaw allows unauthenticated access to the FreePBX Administrator, leading to arbitrary database manipulation and remote code execution. FreePBX versions 15, 16, and 17 are affected. The exploit has been used since at least August 21, 2025, targeting systems with inadequate IP filtering or access control lists (ACLs). Sangoma has released an emergency patch and indicators of compromise (IOCs) to help administrators detect exploitation. Users are advised to upgrade, restrict public access to the administrator control panel, and check for a known issue in the v17 'framework' module that may prevent automated update notification emails. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply the fixes by September 19, 2025.
Multiple vulnerabilities in Citrix and Git added to CISA KEV catalog
CISA has added multiple vulnerabilities to its KEV catalog due to active exploitation. The flaws affect Citrix Session Recording, Git, and Citrix NetScaler ADC and NetScaler Gateway. The Citrix Session Recording vulnerabilities were patched in November 2024, the Git flaw was addressed in July 2025, and the NetScaler vulnerabilities were patched in August 2025. Federal agencies must apply mitigations by September 15, 2025, for the earlier vulnerabilities and within 48 hours for the NetScaler vulnerabilities. The vulnerabilities are CVE-2024-8068, CVE-2024-8069, CVE-2025-48384, CVE-2025-7775, CVE-2025-7776, and CVE-2025-8424. The first two affect Citrix Session Recording, the third affects Git, and the last three affect Citrix NetScaler ADC and NetScaler Gateway. CVE-2025-48384 is an arbitrary file write vulnerability in Git due to inconsistent handling of carriage return characters in configuration files. The vulnerability affects macOS and Linux systems, with Windows systems being immune due to differences in control character usage. The flaw was resolved in Git versions 2.43.7, 2.44.4, 2.45.4, 2.46.4, 2.47.3, 2.48.2, 2.49.1, and 2.50.1. The vulnerability impacts software developers using Git on workstations and CI/CD build systems. CVE-2025-7775 is a memory overflow vulnerability leading to remote code execution and/or denial-of-service. CVE-2025-7776 is a memory overflow vulnerability leading to unpredictable behavior and denial-of-service. CVE-2025-8424 is an improper access control vulnerability in the NetScaler Management Interface. CVE-2025-7775 has been actively exploited in the wild and was added to the CISA KEV catalog on August 26, 2025, requiring federal agencies to remediate within 48 hours. The vulnerabilities affect both supported and unsupported, end-of-life versions of Citrix NetScaler ADC and NetScaler Gateway. Nearly 20% of NetScaler assets identified are on unsupported versions, primarily in North America and the APAC region. The vulnerabilities affect similar components in NetScaler ADC and NetScaler Gateway as the CitrixBleed and CitrixBleed2 vulnerabilities.
Critical OS Command Injection Vulnerability in FortiSIEM (CVE-2025-25256) Exploited in the Wild
Fortinet has disclosed a critical OS command injection vulnerability in FortiSIEM, identified as CVE-2025-25256. The flaw, with a CVSS score of 9.8, allows unauthenticated attackers to execute unauthorized code or commands via crafted CLI requests. Exploit code for this vulnerability has been observed in the wild. Affected versions include FortiSIEM 6.1 through 6.7.9 and 7.0.0 through 7.3.1. Fortinet advises upgrading to the latest versions and limiting access to the phMonitor port (7900) as a workaround.