Docker has released security updates to address a vulnerability (CVE-2025-9074) that could potentially allow an attacker to break out of the confines of a container.
Severity level:-
CVSS Score: 9.3/Critical.
Description:- Docker Desktop is a widely used containerization platform for Windows and macOS. CVE-2025-9074 is a critical vulnerability caused by Docker Desktop exposing its internal Docker Engine API at 192.168.65.7:2375 without authentication. This flaw allows a malicious container to access the Docker API and perform unauthorized actions such as launching new containers, mounting host drives, and modifying host files.
Affected Versions:-
- Docker Desktop for Windows before version 4.44.3.
- Docker Desktop for macOS before version 4.44.3.
Impact:-
Successful exploitation may result in container escape and arbitrary code execution on the host system with elevated privileges.
Resolution:- Please update to the following patched versions:
- Docker Desktop 4.44.3 or later for Windows.
- Docker Desktop 4.44.3 or later for macOS.
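To confirm which workstations still need the update, the following added example (not part of the original advisory or Docker's own tooling) classifies collected `docker version` output against the fixed release 4.44.3. It assumes the output contains a `Server: Docker Desktop X.Y.Z (build)` line; the host names, build numbers and sample outputs are constructed.

```python
import re

FIXED = (4, 44, 3)  # first patched Docker Desktop release, per the advisory

# Assumption: `docker version` prints a line such as
# "Server: Docker Desktop 4.44.2 (202017)" when the engine is Docker Desktop.
_SERVER_LINE = re.compile(
    r"^\s*Server:\s*Docker Desktop\s+(\d+)\.(\d+)\.(\d+)", re.MULTILINE
)


def desktop_version(docker_version_output):
    """Return (major, minor, patch) of Docker Desktop, or None if not found."""
    match = _SERVER_LINE.search(docker_version_output)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(docker_version_output):
    """Return 'vulnerable', 'patched' or 'unknown' for one host's output."""
    version = desktop_version(docker_version_output)
    if version is None:
        return "unknown"  # not Docker Desktop, or the daemon was not running
    # Tuple comparison is numeric, so 4.9.1 correctly sorts below 4.44.3;
    # a plain string comparison would get this wrong.
    return "vulnerable" if version < FIXED else "patched"


def audit(outputs_by_host):
    """Map each host name to its classification."""
    return {host: classify(text) for host, text in outputs_by_host.items()}


# Constructed sample outputs, trimmed to the relevant lines.
SAMPLES = {
    "win-dev-01": "Client:\n Version: 28.3.2\n\nServer: Docker Desktop 4.44.2 (100001)\n Engine:\n",
    "mac-dev-02": "Client:\n Version: 28.3.3\n\nServer: Docker Desktop 4.44.3 (100002)\n Engine:\n",
    "mac-dev-03": "Client:\n Version: 20.10.16\n\nServer: Docker Desktop 4.9.1 (100003)\n Engine:\n",
    "linux-ci-04": "Client:\n Version: 28.3.2\n\nServer: Docker Engine - Community\n Engine:\n",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLES).items()):
        print(f"{host}: {status}")
```

Hosts reported as `unknown` are not running Docker Desktop or returned no server section and should be checked by hand.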
