I. Basic Information for CVE-2025-9074
Vulnerability Information

Vulnerability Title
Docker Desktop allows unauthenticated access to Docker Engine API from containers
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Description
A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. This vulnerability occurs with or without Enhanced Container Isolation (ECI) enabled, and with or without the "Expose daemon on tcp://localhost:2375 without TLS" option enabled. This can lead to execution of a wide range of privileged commands to the engine API, including controlling other containers, creating new ones, managing images etc. In some circumstances (e.g. Docker Desktop for Windows with WSL backend) it also allows mounting the host drive with the same privileges as the user running Docker Desktop.
Source: U.S. National Vulnerability Database (NVD)
CVSS Information
N/A
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Type
Exposure of Resource to Wrong Sphere
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Title
Docker Desktop security vulnerability
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability Description
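Docker Desktop is a desktop application from Docker, Inc. (USA), based on container technology, for lightweight application deployment. The product provides a desktop environment that supports creating a container (a lightweight virtual machine) on Linux/Windows/Mac OS and deploying and running applications in it, as well as automating application installation, deployment and upgrades through configuration files. Docker Desktop has a security vulnerability that arises because local Linux containers can access the Docker Engine API, which may lead to the execution of privileged commands.
Source: China National Vulnerability Database of Information Security (CNNVD)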
CVSS Information
N/A
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability Type
N/A
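Source: China National Vulnerability Database of Information Security (CNNVD)
Affected Products

| Vendor | Product | Affected Versions | CPE |
|---|---|---|---|
| Docker | Docker Desktop | 4.25 ~ 4.44.3 | - |
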
II. Public PoCs for CVE-2025-9074

| # | PoC Description | Source Link |
|---|---|---|
| 1 | None | https://github.com/zenzue/CVE-2025-9074 |
| 2 | New vulnerability found in Docker. Credit for finding the vulnerability goes to Felix Boulet | https://github.com/j3r1ch0123/CVE-2025-9074 |
| 3 | None | https://github.com/pucagit/CVE-2025-9074 |
| 4 | Proof-of-Concept exploit for CVE-2025-9074 - Unauthenticated Docker API exposure allowing arbitrary container creation and host filesystem access. | https://github.com/OilSeller2001/PoC-for-CVE-2025-9074 |
| 5 | A vulnerability has been identified in Docker Desktop. A remote attacker could exploit this vulnerability to trigger security restriction bypass on the targeted system. | https://github.com/BridgerAlderson/CVE-2025-9074-PoC |
| 6 | Docker API CVE-2025-9074 PoC (Proof-Of-Concept). A sophisticated exploitation framework for CVE-2025-9074, targeting unauthenticated Docker API endpoints with an integrated interactive command shell. | https://github.com/xwpdx0/poc-2025-9074 |
| 7 | Proof of concept exploit for CVE-2025-9074 - Unauthenticated Docker Engine API container escape affecting Docker Desktop < 4.44.3 on Windows and macOS (CVSS 9.3) | https://github.com/PtechAmanja/CVE-2025-9074-Docker-Desktop-Container-Escape |
| 8 | None | https://github.com/pppxo/CVE-2025-9074-PoC-Bash |
| 9 | Proof-of-Concept exploit for CVE-2025-9074 | https://github.com/3rendil/CVE-2025-9074-POC |
| 10 | The Ultimate DAEMON_KILLER. Control is an illusion. This Exploit forces CVE-2025-9074 to break the Docker cage. Advanced Container Escape & Root Escalation toolkit. Verify the vulnerability, take the host, destroy the logs. > We Are Fsociety_ | https://github.com/fsoc-ghost-0x/CVE-2025-9074_DAEMON_KILLER |
| 11 | None | https://github.com/zaydbf/CVE-2025-9074-Poc |
| 12 | A powerful Docker remote API exploitation tool for security research and testing of the CVE-2025-9074 vulnerability. | https://github.com/Shaoshi17/CVE-2025-9074-Docker-Exploit |
| 13 | 🚀 Exploit CVE-2025-9074 with this Docker escape framework, simplifying API vulnerabilities and enhancing security testing for developers and researchers. | https://github.com/KvzinNcpx7/CVE-2025-9074_DAEMON_KILLER |
| 14 | 🛠️ Exploit CVE-2025-9074 using this API exploitation framework designed for Docker environments, enhancing your security assessment capabilities. | https://github.com/KvzinNcpx7/kvzinncpx7.github.io |
| 15 | A container escape vulnerability PoC | https://github.com/x0da6h/POC-for-CVE-2025-9074 |
| 16 | CVE-2025-9074: Docker Desktop LPE via Docker Engine API wo/ AuthN in posix sh | https://github.com/matesz44/CVE-2025-9074 |

III. Intelligence Information for CVE-2025-9074
IV. Related Vulnerabilities
V. Comments for CVE-2025-9074
