Docker has released fixes to address a critical security flaw affecting the Docker Desktop app for Windows and macOS that could potentially allow an attacker to break out of the confines of a container.
The vulnerability, tracked as CVE-2025-9074, carries a CVSS score of 9.3 out of 10.0. It has been addressed in version 4.44.3.
"A malicious container running on Docker Desktop could access the Docker Engine and launch additional containers without requiring the Docker socket to be mounted," Docker said in an advisory released last week.
"This could allow unauthorized access to user files on the host system. Enhanced Container Isolation (ECI) does not mitigate this vulnerability."
According to security researcher Felix Boulet, the vulnerability has to do with how it's possible for