CVE-2025-3224

A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-privileged attacker to escalate privileges to SYSTEM. During an update, Docker Desktop attempts to delete files and subdirectories under the path C:\ProgramData\Docker\config with high privileges. However, this directory often does not exist by default, and C:\ProgramData\ allows normal users to create new directories. By creating a malicious Docker\config folder structure at this location, an attacker can force the privileged update process to delete or manipulate arbitrary system files, leading to Elevation of Privilege.
Configurations

Configuration 1 (hide)

cpe:2.3:a:docker:desktop:*:*:*:*:*:windows:*:*

History

10 May 2025, 00:57

Type Values Removed Values Added
First Time Docker
Docker desktop
References () https://www.zerodayinitiative.com/blog/2022/3/16/abusing-arbitrary-file-deletes-to-escalate-privilege-and-other-great-tricks - () https://www.zerodayinitiative.com/blog/2022/3/16/abusing-arbitrary-file-deletes-to-escalate-privilege-and-other-great-tricks - Technical Description
CPE cpe:2.3:a:docker:desktop:*:*:*:*:*:windows:*:*
CWE NVD-CWE-noinfo
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.8

29 Apr 2025, 13:52

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad en el proceso de actualización de Docker Desktop para versiones de Windows anteriores a la 4.41.0 podría permitir que un atacante local con pocos privilegios aumente los privilegios a SYSTEM. Durante una actualización, Docker Desktop intenta eliminar archivos y subdirectorios en la ruta C:\ProgramData\Docker\config con privilegios elevados. Sin embargo, este directorio no suele existir por defecto, y C:\ProgramData\ permite a los usuarios crear nuevos directorios. Al crear una estructura de carpetas Docker\config maliciosa en esta ubicación, un atacante puede forzar el proceso de actualización con privilegios para que elimine o manipule archivos arbitrarios del sistema, lo que provoca una elevación de privilegios.

28 Apr 2025, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-04-28 20:15

Updated : 2025-05-10 00:57


NVD link : CVE-2025-3224

Mitre link : CVE-2025-3224

CVE.ORG link : CVE-2025-3224


JSON object : View

Products Affected

docker

  • desktop
CWE
CWE-59

Improper Link Resolution Before File Access ('Link Following')

CWE-269

Improper Privilege Management

NVD-CWE-noinfo