CVE-2025-9074
Description
A vulnerability was identified in Docker Desktop that allows locally running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. The vulnerability is present with or without Enhanced Container Isolation (ECI) enabled, and with or without the "Expose daemon on tcp://localhost:2375 without TLS" option enabled.
This can lead to the execution of a wide range of privileged commands against the Engine API, including controlling other containers, creating new ones, and managing images. In some circumstances (e.g. Docker Desktop for Windows with the WSL backend) it also allows mounting the host drive with the same privileges as the user running Docker Desktop.
EU Vulnerability Database
Data provided by ENISA EU Vulnerability Database. Last updated: August 21, 2025
GitHub Security Advisories
CVSS Vector
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Advisory provided by GitHub Security Advisory Database. Published: August 20, 2025, Modified: August 20, 2025
Social Media Intelligence
When a SSRF is enough: Full Docker Escape on Windows Docker Desktop (CVE-2025-9074) - a reminder that Docker is not a security boundary
SecOpsDaily - 2025-08-21 Roundup

Highlights from today:
- [Threat Intel] [Malicious Go Module Disguised as SSH Brute Forcer Exfiltrates Credentials via Telegram](https://socket.dev/blog/malicious-go-module-disguised-as-ssh-brute-forcer-exfiltrates-credentials?utm_medium=feed)
- [Vendor Advisory] [Think before you Click(Fix): Analyzing the ClickFix social engineering technique](https://www.microsoft.com/en-us/security/blog/2025/08/21/think-before-you-clickfix-analyzing-the-clickfix-social-engineering-technique/)
- [News] [Pre-Auth Exploit Chains Found in Commvault Could Enable Remote Code Execution Attacks](https://thehackernews.com/2025/08/pre-auth-exploit-chains-found-in.html)
- …
CVE-2025-9074: Critical Vulnerability in Docker Desktop Enables Local Container Access to Docker Engine API via Subnet

Docker is one of the backbones of modern enterprise infrastructure, powering cloud-native applications, CI/CD pipelines, and microservices at massive scale. Therefore, vulnerabilities in Docker images and runtimes are particularly...

**CVEs:** CVE-2025-9074,cve-2025-9074
**Source:** https://socprime.com/blog/cve-2025-9074-docker-desktop-vulnerability/