CVE-2025-9164: 
Docker Desktop vulnerability analysis and mitigation

Docker Desktop Installer.exe is vulnerable to DLL hijacking due to insecure DLL search order. The installer searches for required DLLs in the user's Downloads folder before checking system directories, allowing local privilege escalation through malicious DLL placement. This vulnerability affects Docker Desktop versions through 4.48.0 and was disclosed on October 27, 2025 (NVD, AttackerKB).

The vulnerability is classified as CWE-427 (Uncontrolled Search Path Element) and has received a CVSS v4.0 base score of 8.8 (HIGH) with the vector string CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:Y/R:U/V:C. The issue stems from the Docker Desktop installer's improper DLL search order implementation, where it checks the user's Downloads folder for required DLLs before system directories (NVD).

The vulnerability enables local privilege escalation through malicious DLL placement, potentially allowing attackers to execute code with elevated privileges during the installation process. This could lead to system compromise and unauthorized access to sensitive resources (NVD).

The vulnerability was patched in Docker Desktop version 4.49.0. Users are advised to upgrade to this version or later to mitigate the risk. The fix addresses the insecure DLL search order in the installer (Docker Release Notes).