A critical vulnerability in Docker Desktop for Windows and macOS allows compromising the host by running a malicious container, even if the Enhanced Container Isolation (ECI) protection is active. The security issue is a server-side request forgery (SSRF) now identified as CVE-2025-9074, and it received a critical severity rating of 9.3. “A malicious container running on Docker Desktop could access the Docker Engine …
Tag Archives: Docker
Docker Desktop bug let containers hop the fence with ease • The Register
Docker has patched a critical hole in Docker Desktop that let a container break out and take control of the host machine with laughable ease. The bug, tracked as CVE-2025-9074 and scoring 9.3 on the CVSS scale, left Docker’s internal Engine API wide open on “192.168.65.7:2375.” Any container could talk to it without authentication, which meant mounting drives and messing …