Docker Desktop Vulnerability Allowed Host Takeover on Windows, macOS

A critical vulnerability (CVE-2025-9074) in Docker Desktop for Windows and macOS was fixed. The flaw allowed a malicious container to escape and gain administrator access to the host computer.
A security flaw in Docker Desktop, a popular application for developers, has been fixed after it was found to allow attackers to break out of isolated containers and take full control of a computer. This vulnerability, officially known as CVE-2025-9074 with a critical score of 9.3 out of 10, impacts both Windows and macOS versions of the software.
The flaw, which was patched in Docker Desktop version 4.44.3 on August 20, 2025, allows a malicious program running inside a container to get unauthorised access to the main computer. For your information, containers are isolated environments that keep applications separate from the host system, but this security issue bypassed that protection.
The problem was that the Docker Engine’s internal communication interface, an HTTP API, was exposed to containers without any authentication or other security checks. This meant that a container running malicious code could connect to the API, create a new container with special “privileged” rights, and then access the host computer’s files. The attacker could then modify the system to gain administrator-level control. This is what’s known as a “container escape” or “container breakout” vulnerability.
The vulnerability was so severe that it worked even if the user had turned on Docker’s Enhanced Container Isolation (ECI) feature, which is designed to prevent such attacks. On Windows, an attacker could even use this flaw to overwrite important system files and take over the entire computer.
Docker quickly released a patch to fix the issue in version 4.44.3. The company stated that the vulnerability was resolved, preventing a malicious container from accessing the Docker Engine to launch other containers.
This incident makes it critical for anyone using Docker Desktop to remain vigilant. To stay secure, first, update all your software, including Docker Desktop to version 4.44.3. Second, harden your settings by avoiding overly permissive configurations, such as the --privileged flag, and by restricting what containers can access. Finally, continuously monitor your system for any suspicious activity, such as unusual resource usage, to detect malicious programs.
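The two hardening steps above (run on a fixed version, avoid --privileged and broad host access) can be checked mechanically. The audit below is an added example, not code from the article or from Docker; it parses the JSON that `docker inspect` prints (the HostConfig.Privileged and HostConfig.Binds fields) and compares a Docker Desktop version string against the 4.44.3 fix. The inspect data embedded here is constructed, not taken from a real host.

```python
import json

# Docker Desktop release that fixes CVE-2025-9074 (from the article).
FIXED_VERSION = (4, 44, 3)

# Constructed sample of `docker inspect` output for two containers (not real data):
# "web" is an ordinary container, "debug" runs privileged and mounts sensitive host paths.
SAMPLE_INSPECT = json.dumps([
    {"Id": "aaa111", "Name": "/web",
     "HostConfig": {"Privileged": False, "Binds": ["appdata:/data"]}},
    {"Id": "bbb222", "Name": "/debug",
     "HostConfig": {"Privileged": True,
                    "Binds": ["/:/mnt/host", "/var/run/docker.sock:/var/run/docker.sock"]}},
])


def version_tuple(version: str) -> tuple:
    """Turn '4.44.3' into (4, 44, 3) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def is_patched(version: str) -> bool:
    """True if the installed Docker Desktop is at or above the fixed release."""
    return version_tuple(version) >= FIXED_VERSION


def risky_binds(binds) -> list:
    """Bind mounts whose host side is the root filesystem or the engine socket."""
    flagged = []
    for bind in binds or []:
        host_side = bind.split(":", 1)[0]
        if host_side == "/" or host_side.endswith("docker.sock"):
            flagged.append(bind)
    return flagged


def audit(inspect_json: str) -> list:
    """Return (container name, reasons) for containers that are privileged or
    mount sensitive host paths; an empty list means nothing was flagged."""
    findings = []
    for container in json.loads(inspect_json):
        host_config = container.get("HostConfig", {})
        reasons = []
        if host_config.get("Privileged"):
            reasons.append("privileged")
        reasons.extend(f"bind:{b}" for b in risky_binds(host_config.get("Binds")))
        if reasons:
            findings.append((container["Name"].lstrip("/"), reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in audit(SAMPLE_INSPECT):
        print(f"{name}: {', '.join(reasons)}")
```

On a real machine, feed it the output of `docker inspect $(docker ps -q)` instead of the constructed sample.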
“Docker Desktop is a very useful tool when it comes to running isolated environments and applications without touching the host system, and this vulnerability essentially breaches that boundary and lets a malicious user explore the host file system, which is supposed to be out of bounds for the container,” said Ms. Nivedita Murthy, Senior Staff Consultant at Black Duck, a Burlington, Massachusetts-based provider of application security solutions.
“The developer community heavily uses Docker Desktop on their systems, which would primarily be either Windows or, in some cases, Mac systems as well,” she pointed out. “IT teams should push for updates and sound an alert to all users to upgrade immediately. They should also proactively search the organisation’s assets for any installed versions of the software and either remove or upgrade them as needed to ensure the organisation delivers development velocity with trust,” Nivedita advised.
HackRead