CVE-2025-3224 | THREATINT

Description

A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-privileged attacker to escalate privileges to SYSTEM. During an update, Docker Desktop attempts to delete files and subdirectories under the path C:\ProgramData\Docker\config with high privileges. However, this directory often does not exist by default, and C:\ProgramData\ allows normal users to create new directories. By creating a malicious Docker\config folder structure at this location, an attacker can force the privileged update process to delete or manipulate arbitrary system files, leading to Elevation of Privilege.

PUBLISHED Reserved 2025-04-03 | Published 2025-04-28 | Updated 2025-04-28 | Assigner Docker

HIGH: 7.3CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Problem types

CWE-269 Improper Privilege Management

CWE-59 Improper Link Resolution Before File Access ('Link Following')

Product status

Default status

unaffected

Any version before 4.41.0

affected

Credits

Dong-uk Kim, KAIST Hacking Lab reporter

References

www.zerodayinitiative.com/...rivilege-and-other-great-tricks

cve.org (CVE-2025-3224)

nvd.nist.gov (CVE-2025-3224)

Download JSON