CVE-2025-9074: 
Docker Desktop 脆弱性の分析と軽減

A critical vulnerability (CVE-2025-9074) was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker subnet at 192.168.65.7:2375 by default. The vulnerability affects Docker Desktop for Windows and macOS, with a CVSS score of 9.3. Discovered in August 2025, this flaw exists regardless of Enhanced Container Isolation (ECI) status or the 'Expose daemon on tcp://localhost:2375 without TLS' setting (NVD, Docker Release Notes).

The vulnerability stems from Docker's internal HTTP API being exposed without authentication or access controls, allowing any container to access the Docker Engine API. This creates a critical security boundary violation that enables execution of privileged commands to the engine API, including controlling other containers, creating new ones, and managing images. The flaw received a Critical CVSS v4.0 score of 9.3 with the vector string CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H. The vulnerability does not affect Linux installations as they use a named pipe on the host's filesystem rather than a TCP socket (Pvotal Tech, NVD).

The impact varies by platform. On Windows, attackers can mount the host filesystem as administrator, read sensitive files, and potentially escalate to administrator privileges by overwriting system DLLs. On macOS, while the Docker Desktop application maintains some isolation, attackers can still gain full control of the Docker application and containers, including the ability to backdoor the application by mounting and modifying its configuration. The vulnerability can be exploited through malicious containers or via Server-Side Request Forgery (SSRF) attacks (Pvotal Tech, Hacker News).

Docker has addressed this vulnerability in Docker Desktop version 4.44.3. Users of Docker Desktop on Windows and macOS should immediately update to this version or later to mitigate the risk. The vulnerability does not affect Linux installations due to their different socket implementation. No additional workarounds are necessary once the update is applied (Docker Release Notes, Hacker News).