Critical Vulnerability: Container Escape Exposes Drive C:

A new critical vulnerability in Docker Desktop threatens Windows users. The flaw, tracked as CVE-2025-9074 and rated 9.3 out of 10 on the CVSS scale, allows attackers to bypass container isolation and execute commands at the host level with just two HTTP requests.

Docker Desktop is widely used by developers working with containers, as it makes it easy to launch applications in isolated environments across different platforms.

However, researcher Felix Bula demonstrated that the isolation in Windows versions could be easily compromised. By running a malicious program inside a container and sending specially crafted requests to the Docker engine, an attacker could create a new container with access to the host's C: drive and gain full control of the system.

Of particular concern is that the vulnerability persists regardless of the “Enhanced Container Isolation” setting and the “Expose daemon on tcp://localhost:2375 without TLS” configuration. This means even users who believed they had added extra security measures were still vulnerable. Attackers could manipulate existing images, launch new containers, and take control of the entire working environment.

Bula disclosed the exploit and shared working code that can be executed from any container. He highlighted that minimal effort is required for compromise: just a malicious process inside the container and two consecutive requests. This low barrier to entry increases the risk of mass attacks, especially when developers use third-party images from unverified sources.
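As an added defensive check (not from the original report or from the researchers' code), the following Python script scans `docker inspect` output collected on the host for containers that bind-mount an entire host drive or filesystem root, which is the kind of container this attack creates; the mount-path patterns and the sample records are constructed assumptions.

```python
import json

# Constructed sample of `docker inspect` output (not from the original page): two
# containers, one of which bind-mounts the host's C: drive, the artefact left behind
# when an attacker spawns a container with host-drive access.
SAMPLE_INSPECT = json.dumps([
    {"Id": "aaa111", "Name": "/web", "Config": {"Image": "nginx:1.27"},
     "Mounts": [{"Type": "volume", "Source": "web_data",
                 "Destination": "/usr/share/nginx/html", "RW": True}]},
    {"Id": "bbb222", "Name": "/unexpected", "Config": {"Image": "alpine:3.20"},
     "HostConfig": {"Binds": ["C:\\:/host"]},
     "Mounts": [{"Type": "bind", "Source": "C:\\",
                 "Destination": "/host", "RW": True}]},
])


def is_host_root(source: str) -> bool:
    """True if a bind-mount source is a whole host drive or a filesystem root.

    Assumed patterns: a bare Windows drive letter ("C:\\"), Docker Desktop's
    WSL-style drive path ("/host_mnt/c"), or the root directory ("/").
    """
    s = source.replace("\\", "/").rstrip("/")
    if s == "":                                      # "/" or "\\"
        return True
    if len(s) == 2 and s[0].isalpha() and s[1] == ":":  # "C:"
        return True
    parts = s.lower().split("/")                     # "/host_mnt/c" -> ["", "host_mnt", "c"]
    return parts[:2] == ["", "host_mnt"] and len(parts) == 3


def find_host_root_mounts(inspect_json: str) -> list[dict]:
    """Return one finding per bind mount whose source is a host drive or root."""
    findings = []
    for c in json.loads(inspect_json):
        for m in c.get("Mounts", []):
            if m.get("Type") == "bind" and is_host_root(m.get("Source", "")):
                findings.append({
                    "container": c.get("Name", c["Id"]),
                    "image": c.get("Config", {}).get("Image"),
                    "source": m["Source"],
                    "destination": m.get("Destination"),
                    "rw": m.get("RW", True),
                })
    return findings


if __name__ == "__main__":
    for f in find_host_root_mounts(SAMPLE_INSPECT):
        print(f"ALERT {f['container']} ({f['image']}) mounts host path "
              f"{f['source']!r} at {f['destination']} rw={f['rw']}")
```

In practice, feed it the output of `docker inspect $(docker ps -aq)` run on the host; any hit that no developer asked for deserves the same treatment as a confirmed escape.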

After acknowledging the issue, Docker released a fix in version 4.4.3. The company confirmed that attackers could indeed launch additional containers with access to the Docker Engine and advised users to update promptly. Bula also strongly recommends installing the update without delay.

Researcher Philip Dughgra, collaborating with Bula, noted that Docker Desktop for macOS is less susceptible to attack, and that Linux systems are not affected by this exploit. The risk to server infrastructure is minimal, as most server environments run on Linux. The primary threat remains for developers running untrusted code on Windows or Mac.

This vulnerability serves as a stark reminder that even essential containerization tools can harbor critical flaws that expose the host system. For Windows users of Docker Desktop, updating to the latest version is imperative for security.

Sources: reports, release notes, official announcements.