
Docker Desktop 4.44.3 security update for CVE-2025-9074

Security Patch Release
Happening score: 22
2 unique sources, 2 articles

Summary


Docker released Docker Desktop 4.44.3 to fix CVE-2025-9074, a critical SSRF in Docker Desktop for Windows and macOS that could let a malicious container compromise the host. The update matters because the flaw could expose host files and Enhanced Container Isolation (ECI) did not stop it. Docker addressed the issue after responsible reporting and shipped the patched build last week.

Related Happenings

Docker expands Hardened Images catalog access with near-zero-CVE subscriptions

Security Tool/Service
First: 08.10.2025 01:09 Last: 08.10.2025 01:09 Sources 1

About this happening: Docker expanded **Hardened Images** access with a **30-day free trial** and subscription use for all users, making secure container images more accessible to **startups and SMBs**...

Exposed Docker API malware botnet-building tooling

Malware Activity
First: 09.09.2025 22:16 Last: 09.09.2025 22:16 Sources 1

About this happening: Updated **malware** targeting **exposed Docker APIs** now **self-replicates**, establishes **persistent SSH access**, and **blocks port 2375**, raising the risk of a durable botne...

Exposed Docker API XMRig miner dropper

Malware Activity
First: 09.09.2025 17:01 Last: 09.09.2025 17:01 Sources 1

About this happening: A **binary dropper** carrying **XMRig** was deployed through **exposed Docker APIs**, turning compromised containers into cryptocurrency-mining infrastructure and increasing the r...

TOR-based cryptojacking campaign targeting exposed Docker APIs

Campaign
First: 09.09.2025 13:02 Last: 09.09.2025 13:02 Sources 1

About this happening: A **TOR-based cryptojacking campaign** is abusing **misconfigured Docker APIs** to launch containers, drop a downloader/miner chain, and spread to additional exposed hosts. The op...

Latest development: 09.09.2025 22:16

Akamai warned on September 8, 2025 that a new exposed-Docker-API campaign variation blocks external access to compromised Docker APIs and appears to be an initial version of a complex botnet. The tooling downloads system-linux-ARCH.zst over Tor, decompresses it to /tmp/system, persists access by appending an attacker key to /root/.ssh/authorized_keys, and installs masscan, zstd, libpcap, and torsocks for scanning, propagation, and evasion. The payload also contains dormant logic for Telnet exploitation using default router credentials and interaction with Chrome’s remote debugging interface.

Timeline

  1. 25.08.2025 18:11 2 articles · 9mo ago

    Docker Desktop 4.44.3 fixes CVE-2025-9074

    Mitigation Patch Update

    Docker released Docker Desktop 4.44.3 to remediate CVE-2025-9074, a critical server-side request forgery (SSRF) affecting Docker Desktop for Windows and macOS. The flaw let a malicious container reach the Docker Engine API at http://192.168.65.7:2375/ without authentication, launch additional containers without mounting the Docker socket, and potentially access host files; Docker said Enhanced Container Isolation (ECI) does not mitigate the vulnerability.
