Detections
Analytics
Docker Desktop < 4.41.0 Privilege Escalation
medium Nessus Plugin ID 235121
Language:
Synopsis
The remote host has an application installed that is affected by a privilege escalation vulnerability.Description
The version of Docker Desktop for Windows is prior to 4.41.0. It is therefore affected by a privilege escalation vulnerability.A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-privileged attacker to escalate privileges to SYSTEM. During an update, Docker Desktop attempts to delete files and subdirectories under the path C:\ProgramData\Docker\config with high privileges. However, this directory often does not exist by default, and C:\ProgramData\ allows normal users to create new directories. By creating a malicious Docker\config folder structure at this location, an attacker can force the privileged update process to delete or manipulate arbitrary system files, leading to Elevation of Privilege.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Docker Desktop version 4.41.0 or laterPlugin Details
Severity: Medium
ID: 235121
File Name: docker_cve-2025-3224_win.nasl
Version: 1.1
Type: local
Agent: windows
Family: Windows
Published: 5/5/2025
Updated: 5/5/2025
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: High
Score: 8.4
CVSS v2
Risk Factor: Critical
Base Score: 10
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2025-3224
CVSS v3
Risk Factor: Medium
Base Score: 6.7
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Vulnerability Information
CPE: cpe:/a:docker:docker
Required KB Items: SMB/Registry/Enumerated, installed_sw/Docker for Windows
Patch Publication Date: 4/28/2025
Vulnerability Publication Date: 4/28/2025
Reference Information
CVE: CVE-2025-3224