CVE-2025-9074 (CNNVD-202508-2370)
中文标题:
Docker Desktop 安全漏洞
英文标题:
Docker Desktop allows unauthenticated access to Docker Engine API from containers
漏洞描述
中文描述:
Docker Desktop是美国Docker公司的一个基于容器技术的用于轻量化部署应用的桌面软件。该产品可提供桌面环境可支持在Linux/Windows/Mac OS系统上创建一个容器(轻量级虚拟机)并部署和运行应用程序,以及通过配置文件实现应用程序的自动化安装、部署和升级。 Docker Desktop存在安全漏洞,该漏洞源于本地Linux容器可访问Docker Engine API,可能导致执行特权命令。
英文描述:
A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. This vulnerability occurs with or without Enhanced Container Isolation (ECI) enabled, and with or without the "Expose daemon on tcp://localhost:2375 without TLS" option enabled. This can lead to execution of a wide range of privileged commands to the engine API, including controlling other containers, creating new ones, managing images etc. In some circumstances (e.g. Docker Desktop for Windows with WSL backend) it also allows mounting the host drive with the same privileges as the user running Docker Desktop.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| Docker | Docker Desktop | - | < 4.44.3 | - |
cpe:2.3:a:docker:docker_desktop:*:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
参考链接
cve.org
nvd.nist.gov
nvd.nist.gov
nvd.nist.gov
nvd.nist.gov
nvd.nist.gov
nvd.nist.gov
CVSS评分详情
4.0 (cna)
CRITICALCVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2025-9074 |
2025-11-11 15:23:37 | 2025-11-11 07:40:53 |
| NVD | nvd_CVE-2025-9074 |
2025-11-11 15:01:00 | 2025-11-11 07:48:40 |
| CNNVD | cnnvd_CNNVD-202508-2370 |
2025-11-11 15:12:54 | 2025-11-11 08:00:06 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 其他
- cnnvd_id: 未提取 -> CNNVD-202508-2370
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- references_count: 1 -> 7
- data_sources: ['cve'] -> ['cve', 'nvd']