CVE-2025-4095

Registry Access Management (RAM) is a security feature allowing administrators to restrict access for their developers to only allowed registries. When a MacOS configuration profile is used to enforce organization sign-in, the RAM policies are not being applied, which would allow Docker Desktop users to pull down unapproved, and potentially malicious images from any registry.

CVSS

No CVSS.

References

Link	Resource
https://docs.docker.com/security/for-admins/hardened-desktop/registry-access-management

Configurations

No configuration.

History

02 May 2025, 13:53

Type	Values Removed	Values Added
Summary		(es) Registry Access Management (RAM) es una función de seguridad que permite a los administradores restringir el acceso de sus desarrolladores únicamente a los registros permitidos. Cuando se utiliza un perfil de configuración de macOS para forzar el inicio de sesión de la organización, no se aplican las políticas de RAM, lo que permitiría a los usuarios de Docker Desktop descargar imágenes no autorizadas y potencialmente maliciosas de cualquier registro.

29 Apr 2025, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-29 18:15

Updated : 2025-05-02 13:53

NVD link : CVE-2025-4095

Mitre link : CVE-2025-4095

CVE.ORG link : CVE-2025-4095

JSON object : View

Products Affected

No product.

CWE

CWE-862

Missing Authorization

{"id": "CVE-2025-4095", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security@docker.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 4.3, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-04-29T18:15:46.180", "references": [{"url": "https://docs.docker.com/security/for-admins/hardened-desktop/registry-access-management", "source": "security@docker.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security@docker.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "Registry Access Management (RAM) is a security feature allowing administrators to restrict access for their developers to only allowed registries. When a MacOS configuration profile is used to enforce organization sign-in, the RAM policies are not being applied, which would allow Docker Desktop users to pull down unapproved, and potentially malicious images from any registry."}, {"lang": "es", "value": "Registry Access Management (RAM) es una funci\u00f3n de seguridad que permite a los administradores restringir el acceso de sus desarrolladores \u00fanicamente a los registros permitidos. Cuando se utiliza un perfil de configuraci\u00f3n de macOS para forzar el inicio de sesi\u00f3n de la organizaci\u00f3n, no se aplican las pol\u00edticas de RAM, lo que permitir\u00eda a los usuarios de Docker Desktop descargar im\u00e1genes no autorizadas y potencialmente maliciosas de cualquier registro."}], "lastModified": "2025-05-02T13:53:40.163", "sourceIdentifier": "security@docker.com"}