【Vulnerability Alert】Docker Windows Version SSRF Vulnerability (CVE-2025-9074)
Publish date: 2025-08-29
Update date: 2025-08-29
Source: Ministry of education information & communication security contingency platform
Publication Number | TACERT-ANA-2025082603082929 | Publication Time | 2025/08/26 15:58
Incident Type | ANA-Vulnerability Alert | Discovery Time | 2025/08/26 15:58
Impact Level | Low

[Subject] 【Vulnerability Alert】Docker Windows Version SSRF Vulnerability (CVE-2025-9074)

[Content]
Forwarded from TWCERTCC-200-202508-00000016

Docker Desktop for Windows is a container management tool that runs on the Windows operating system and simplifies application deployment and management through container technology. Docker has published a security update announcement for a critical vulnerability (CVE-2025-9074, CVSS 4.x: 9.3) and released updated versions. This is a Server-Side Request Forgery (SSRF) vulnerability that allows attackers to exploit the API to execute various privileged commands, including controlling other containers and managing images. The vulnerability also allows the host drive to be mounted with the same privileges as the user running Docker Desktop.

Information Sharing Level: WHITE (Information content can be publicly disclosed)

[Affected Platform] Docker Desktop versions prior to 4.44.3

[Recommended Actions] Update to Docker Desktop version 4.44.3 or later

[Reference]
1. https://docs.docker.com/desktop/release-notes/#4443
2. https://nvd.nist.gov/vuln/detail/CVE-2025-9074
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
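To act on the recommended update across several machines, the following added example (not part of the original notification) classifies hosts from captured `docker version` output against the fixed release 4.44.3. It assumes the `Server: Docker Desktop X.Y.Z (build)` header line that Docker Desktop prints; host names, build numbers and sample captures are constructed.

```python
import re

FIXED = (4, 44, 3)  # first fixed Docker Desktop release named in the advisory

# Assumed header line printed by `docker version` when the engine comes from
# Docker Desktop, e.g. "Server: Docker Desktop 4.43.2 (000001)".
_SERVER_RE = re.compile(r"^Server:\s+Docker Desktop\s+(\d+)\.(\d+)\.(\d+)", re.M)


def desktop_version(docker_version_output):
    """Return the Docker Desktop version as an int tuple, or None if absent."""
    m = _SERVER_RE.search(docker_version_output)
    return tuple(int(p) for p in m.groups()) if m else None


def assess(docker_version_output):
    """Classify one host as 'vulnerable', 'patched' or 'unknown'."""
    ver = desktop_version(docker_version_output)
    if ver is None:
        return "unknown"  # not Docker Desktop, or truncated output: check by hand
    # Compare numerically: as plain strings, "4.9.0" would sort after "4.44.3".
    return "vulnerable" if ver < FIXED else "patched"


def audit(inventory):
    """Map host name -> status for a dict of host -> captured output."""
    return {host: assess(out) for host, out in inventory.items()}


# Constructed sample captures (host names and build numbers are made up).
SAMPLE = {
    "lab-pc-01": "Client:\n Version: 28.3.2\n\nServer: Docker Desktop 4.43.2 (000001)\n",
    "lab-pc-02": "Client:\n Version: 28.3.3\n\nServer: Docker Desktop 4.44.3 (000002)\n",
    "lab-pc-03": "Client:\n Version: 24.0.7\n\nServer: Docker Desktop 4.9.0 (000003)\n",
    "build-srv": "Client:\n Version: 28.3.3\n\nServer: Docker Engine - Community\n",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}: {status}")
```

Hosts reported as `unknown` did not show a Docker Desktop server line and need a manual check rather than being treated as safe.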
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer:
Computer Center