Critical Docker Desktop flaw lets attackers hijack Windows hosts
A critical vulnerability in Docker Desktop for Windows and macOS lets a malicious container compromise the host it runs on, even when the Enhanced Container Isolation (ECI) protection is enabled.
The flaw is a server-side request forgery (SSRF), now tracked as CVE-2025-9074, and carries a critical severity score of 9.3. Security researcher Philippe Dugre, who wrote a proof-of-concept exploit, says the bug is easy to leverage; his exploit consists of just three lines of Python. The vulnerability was responsibly disclosed to Docker, which responded quickly and fixed it in Docker Desktop 4.44.3, released last week.
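A practical follow-up for anyone with a fleet of developer machines is to confirm that every Docker Desktop install is at or above the fixed release. The check below is an added example written for this page, not code from the article or from Docker; it assumes you have already collected each machine's Docker Desktop version string (for instance from the app's About dialog or your endpoint inventory) and compares it numerically against 4.44.3, so that a version like 4.100.0 is not mistakenly flagged as older than 4.44.3 by a string comparison. The hostnames and version strings in the inventory are constructed for illustration.

```python
import re

# Docker Desktop release that addresses CVE-2025-9074 (from the article).
FIXED_VERSION = (4, 44, 3)


def parse_version(text: str) -> tuple[int, int, int]:
    """Extract a major.minor[.patch] version from free-form text.

    Accepts strings such as "4.44.3" or "Docker Desktop 4.44.3 (202357)".
    A missing patch component is treated as 0.
    """
    match = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not match:
        raise ValueError(f"no version number found in {text!r}")
    major, minor, patch = match.groups()
    return int(major), int(minor), int(patch) if patch is not None else 0


def is_patched(version_text: str) -> bool:
    """True if the given Docker Desktop version contains the CVE-2025-9074 fix.

    Tuple comparison is numeric per component, so 4.100.0 >= 4.44.3 holds,
    which a plain string comparison would get wrong.
    """
    return parse_version(version_text) >= FIXED_VERSION


def vulnerable_hosts(inventory: dict[str, str]) -> list[str]:
    """Return the hostnames whose Docker Desktop is still below 4.44.3.

    Entries whose version string cannot be parsed are reported too, since an
    unknown version should be treated as unpatched until confirmed.
    """
    flagged = []
    for host, version_text in inventory.items():
        try:
            if not is_patched(version_text):
                flagged.append(host)
        except ValueError:
            flagged.append(host)
    return sorted(flagged)


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hostnames and versions).
    sample_inventory = {
        "dev-laptop-01": "Docker Desktop 4.44.3 (202357)",
        "dev-laptop-02": "4.44.2",
        "dev-laptop-03": "4.5.0",
        "dev-laptop-04": "4.45.0",
        "dev-laptop-05": "unknown",
    }
    for host in vulnerable_hosts(sample_inventory):
        print(f"{host}: Docker Desktop needs updating to 4.44.3 or later")
```

Feed it whatever version inventory you already have; the point of the numeric comparison is to avoid the classic mistake of treating "4.44.3" and "4.5.0" as strings, where "4.5.0" would sort as newer.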
To read the complete article see: Critical Docker Desktop flaw lets attackers hijack Windows hosts
This post is licensed under CC BY 4.0 by the author.