Docker Patches Severe Security Flaw in Desktop Software
Docker has patched a severe security flaw in its Desktop software for Windows and macOS. The vulnerability, discovered by researchers Felix Boulet and Philippe Dugre, could have allowed attackers to escape container boundaries and potentially compromise the host system.
The vulnerability, tracked as CVE-2025-9074, has been rated critical with a CVSS score of 9.3. It could have led to host file access, container management, and even full host compromise. Docker has addressed this issue in version 4.44.3 of Docker Desktop.
The vulnerability allowed an attacker to break out of the confines of a container and potentially access the Docker Engine. This has significant implications for systems running Docker Desktop, as it could allow unauthorized access to, and control over, the host system.
Docker has fixed the critical vulnerability in Docker Desktop for Windows and macOS. Users are advised to update to version 4.44.3 to ensure their systems are protected. The discovery of this vulnerability highlights the importance of keeping software up to date and the need for robust security measures to protect against potential attacks.