Docker on Aug. 20 fixed a critical bug, rated 9.3 in severity, that allowed a malicious Linux container running on Docker Desktop to access user files on the host system.

The news of Docker’s patch, however, followed the release of a proof-of-concept (PoC) exploit on Aug. 21 by security researcher Felix Boulet.

In its initial advisory, Docker said the flaw – CVE-2025-9074 – could let an attacker mount the host drive with the same privileges as the user running Docker Desktop.

The flaw is a container-escape issue that affects both the Windows and macOS versions of Docker Desktop, which Boulet also confirmed.

Nivedita Murthy, senior staff consultant at Black Duck, explained that developers use Docker Desktop for running isolated environments and applications without touching the host system. Murthy said the Docker vulnerability essentially breaches that boundary and lets a malicious user explore the host file system that’s supposed to be out of bounds for the container.

“The developer community heavily uses Docker Desktop on their systems, which would primarily be either Windows, or in some cases Mac systems, as well,” said Murthy. “IT teams should push for updates and sound an alert to all users to upgrade immediately. They should also proactively search the organization’s assets for any installed versions of the software and either remove or upgrade them as needed to ensure the organization delivers development velocity with trust.”

Randolph Barr, chief information security officer at Cequence Security, pointed out that while there are no confirmed attacks in the wild, that status can change quickly.

“Security teams should maintain active monitoring for threat intel updates and be prepared to accelerate remediation if exploitation trends shift,” said Barr. “Managing the remediation timeline isn’t just about internal patching; it’s also about keeping an eye on threats as they evolve.”