CVE-2025-9074

Overview

CVE-2025-9074 is a critical container escape vulnerability affecting Docker Desktop on Windows and macOS. Discovered in August 2025, the flaw allows a malicious container to break isolation and gain access to the host system.

The issue arises from insecure handling of Docker API mounts, enabling privilege escalation and arbitrary file system access.

Technical Details

• Vulnerability Type: Container Escape / Privilege Escalation
• Affected Component: Docker Desktop (Windows/macOS)
• Attack Vector: Malicious Docker Container
• Impact: Host compromise, arbitrary file read/write
• CVSS Score: 9.3 (Critical)
• Exploitation: Mounts Docker API and escalates privileges
• Patch Date: August 2025

Exploitation

An attacker can craft a container that mounts the Docker socket and abuses elevated privileges to break out of the container.

Successful exploitation enables attackers to access host-level resources, inject files, or execute arbitrary code on the underlying system.

Affected Systems

• Docker Desktop for Windows (pre-patch versions)
• Docker Desktop for macOS (pre-patch versions)

Patch Information

Docker released a patched version of Docker Desktop in August 2025. All users are strongly advised to upgrade immediately.

For environments unable to update, administrators should restrict Docker socket access and enforce container runtime security controls.

Mitigation

• Update Docker Desktop to the latest patched version.
• Restrict access to the Docker socket (`/var/run/docker.sock`).
• Use sandboxing or container runtime security tools (AppArmor, SELinux, gVisor).
• Monitor for suspicious container activity and API abuse.

References