CVE-2025-9074: The Critical Docker Desktop Vulnerability Putting Windows and macOS Hosts at Risk

Docker Desktop, the go-to tool for developers and system administrators to run containerized environments on workstations, is under the spotlight after the discovery of a critical vulnerability that threatens millions of machines.

The flaw, identified as CVE-2025-9074 and rated 9.3 on the CVSS scale, affects Docker Desktop on Windows and macOS. It does not impact Linux environments, since the execution model is different.

At its core, the issue is a Server-Side Request Forgery (SSRF) exposing Docker Engine’s internal API (http://192.168.65.7:2375/) to any running container without authentication. The consequence: an attacker who manages to run a malicious container can execute commands on the host, launch new privileged containers, and access the full filesystem.

---

Real-World Impact for System Administrators

For sysadmins, this vulnerability breaks one of Docker’s fundamental security guarantees: container isolation from the host.

• On Windows, where Docker Desktop relies on WSL2, an attacker could mount the entire C: drive inside a container and then:
  • Read any system file, including private keys and credentials.
  • Overwrite system DLLs, escalating privileges to host administrator.
  • Establish persistence via backdoors.
• On macOS, the OS’ built-in protections reduce the risk, as users must explicitly approve access to directories outside the sandbox. However, attackers still retain full control of Docker Desktop and containers, enabling them to tamper with configurations, inject backdoors, or alter images.

In both cases, Enhanced Container Isolation (ECI) does not mitigate the vulnerability, as the exploit targets Docker’s control plane rather than runtime execution inside containers.

---

How the Exploit Works

Security researcher Felix Boulet, who discovered the bug, demonstrated that just two HTTP POST calls from inside a container are enough to compromise the host:

1. Create a new container binding the host’s C: drive to a directory inside the container (/host_root).
2. Start the container and execute arbitrary commands against the mounted files.

The PoC didn’t even require additional code execution permissions inside the container. A simple three-line Python script was sufficient to prove full host compromise.

---

Immediate Recommendations for Sysadmins

Docker has already released a patch in Docker Desktop version 4.44.3 to address the issue. The top priority is to update immediately.

However, sysadmins should go further and reinforce their practices:

• Verify Docker Desktop version: docker --version Ensure it is >= 4.44.3.
• Restrict untrusted containers on Windows/macOS environments. Validate external images before execution.
• Enforce internal network segmentation, even in dev/test setups, to prevent unnecessary container access to private interfaces.
• Audit Docker user permissions: apply the principle of least privilege. Developers should not run privileged containers on corporate laptops without justification.
• Strengthen endpoint monitoring: EDR/XDR tools can help detect abnormal behavior, such as processes accessing C:\Windows\System32 from Docker binaries.

---

Key Lessons for Docker Administration

This incident highlights several takeaways sysadmins should not ignore:

1. Never trust “internal” interfaces: a private API exposed without authentication is as dangerous as a public one.
2. Zero-trust even within the host: a container running locally isn’t automatically safe.
3. Regular internal scans: tools like nmap, netstat, or ss can reveal unintended port exposure before attackers do.
4. DevSecOps practices are crucial: integrating security into the development lifecycle helps prevent architectural oversights from becoming critical breaches.

---

Conclusion

CVE-2025-9074 is a stark reminder that container security can’t be taken for granted. The exploit’s simplicity, combined with its ability to fully compromise Windows hosts, makes it one of the most severe Docker Desktop flaws in years.

For sysadmins, the message is clear: patch now, tighten hardening practices across dev and production environments, and assume that even mature tools like Docker can contain unexpected cracks.

Lightweight virtualization has transformed how services are deployed, but security must evolve at the same pace. A malicious container should never be able to tear down the wall separating it from the host — yet this flaw shows why constant vigilance is essential.

---

Frequently Asked Questions (FAQ)

1. Which versions of Docker Desktop are affected?
All versions prior to 4.44.3 on Windows and macOS. Linux Docker Engine is not affected.

2. Does Enhanced Container Isolation (ECI) mitigate this issue?
No. ECI does not help because the vulnerability lies in the Docker control plane, not inside the container runtime.

3. What should sysadmins do besides updating?

• Segment container network access.
• Restrict unverified images.
• Audit Docker roles and permissions.
• Monitor host activity for anomalies.

4. What specific risks exist on Windows vs. macOS?

• Windows: full filesystem access, credential theft, and privilege escalation to administrator.
• macOS: stronger restrictions, but still risk of backdoors, altered configurations, and tampered images.

Source: Noticias seguridad and CVE-2025-9074