A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-privileged attacker to escalate privileges to SYSTEM. During an update, Docker Desktop attempts to delete files and subdirectories under the path C:\ProgramData\Docker\config with high privileges. However, this directory often does not exist by default, and C:\ProgramData\ allows normal users to create new directories. By creating a malicious Docker\config folder structure at this location, an attacker can force the privileged update process to delete or manipulate arbitrary system files, leading to Elevation of Privilege.
References
Link | Resource |
---|---|
https://www.zerodayinitiative.com/blog/2022/3/16/abusing-arbitrary-file-deletes-to-escalate-privilege-and-other-great-tricks | Technical Description |
Configurations
History
10 May 2025, 00:57
Type | Values Removed | Values Added |
---|---|---|
First Time |
Docker
Docker desktop |
|
References | () https://www.zerodayinitiative.com/blog/2022/3/16/abusing-arbitrary-file-deletes-to-escalate-privilege-and-other-great-tricks - Technical Description | |
CPE | cpe:2.3:a:docker:desktop:*:*:*:*:*:windows:*:* | |
CWE | NVD-CWE-noinfo | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
29 Apr 2025, 13:52
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
28 Apr 2025, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-04-28 20:15
Updated : 2025-05-10 00:57
NVD link : CVE-2025-3224
Mitre link : CVE-2025-3224
CVE.ORG link : CVE-2025-3224
JSON object : View
Products Affected
docker
- desktop
CWE
CWE-59
Improper Link Resolution Before File Access ('Link Following')
CWE-269Improper Privilege Management
NVD-CWE-noinfo