CVE-2025-9164: 
Docker Desktop vulnerability analysis and mitigation

Docker Desktop Installer.exe contains a DLL hijacking vulnerability (CVE-2025-9164) due to insecure DLL search order. The installer searches for required DLLs in the user's Downloads folder before checking system directories, affecting Docker Desktop through version 4.48.0. The vulnerability was discovered and disclosed on October 27, 2025 (NVD).

The vulnerability is classified with a CVSS v4.0 Base Score of 8.8 (HIGH) with the vector string CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:Y/R:U/V:C. The issue is identified as CWE-427 (Uncontrolled Search Path Element), where the installer incorrectly prioritizes the user's Downloads folder in its DLL search path (NVD).

The vulnerability allows local privilege escalation through malicious DLL placement. An attacker could exploit this by placing a malicious DLL in the user's Downloads folder, which would be loaded by the installer before legitimate system DLLs, potentially leading to arbitrary code execution with elevated privileges (NVD).

The vulnerability was patched in Docker Desktop version 4.49.0 released on October 23, 2025. Users are advised to upgrade to this version or later to mitigate the risk (Docker Release Notes).