CVE-2025-3224 HIGH

CVE-2025-3224: Elevation of Privilege in Docker Desktop for Windows during Upgrade due to Insecure Directory Deletion

Vendor Docker
Product Docker Desktop
Weakness CWE-269
Published April 28, 2025
Last update April 28, 2025

CVSS base score

7.3/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction Active
Confidentiality High
Integrity High

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

What the vulnerability does

Description

A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-privileged attacker to escalate privileges to SYSTEM. During an update, Docker Desktop attempts to delete files and subdirectories under the path C:\ProgramData\Docker\config with high privileges. However, this directory often does not exist by default, and C:\ProgramData\ allows normal users to create new directories. By creating a malicious Docker\config folder structure at this location, an attacker can force the privileged update process to delete or manipulate arbitrary system files, leading to Elevation of Privilege.
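An added defensive audit script, not from the advisory or from Docker, that checks a Windows host for the conditions described above: an affected Docker Desktop version, standard users being able to create directories under C:\ProgramData, and a pre-existing C:\ProgramData\Docker\config owned by a non-admin account. The Docker Desktop executable path is an assumed default install location; the fixed version 4.41.0 is taken from the description.

```powershell
# Defensive audit for CVE-2025-3224 (added example, not Docker's code).
$FixedVersion = [version]'4.41.0'                                   # from the advisory
$ExePath      = 'C:\Program Files\Docker\Docker\Docker Desktop.exe' # assumed default path
$ConfigDir    = 'C:\ProgramData\Docker\config'                      # path named in the advisory
$Findings     = @()

# 1. Is the installed Docker Desktop older than the fixed release?
if (Test-Path -LiteralPath $ExePath) {
    $raw = (Get-Item -LiteralPath $ExePath).VersionInfo.FileVersion
    $ver = [version]($raw -replace '[^\d.].*$', '')   # strip any non-numeric suffix
    if ($ver -lt $FixedVersion) {
        $Findings += "Docker Desktop $ver is older than $FixedVersion and is affected; upgrade."
    }
} else {
    $Findings += "Docker Desktop not found at '$ExePath' (assumed path; adjust if installed elsewhere)."
}

# 2. Can a standard user create directories directly under C:\ProgramData?
#    The advisory states this is the default; the check makes it visible on this host.
$pdAcl    = Get-Acl -LiteralPath 'C:\ProgramData'
$writable = $pdAcl.Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $_.IdentityReference -match 'Users|Authenticated Users|Everyone' -and
    $_.FileSystemRights  -match 'CreateDirectories|Write|Modify|FullControl'
}
if ($writable) { $Findings += 'Standard users can create directories under C:\ProgramData.' }

# 3. Does the directory the updater deletes with high privileges already exist,
#    and who created it? A non-admin owner is the indicator the advisory implies.
if (Test-Path -LiteralPath $ConfigDir) {
    $item  = Get-Item -LiteralPath $ConfigDir -Force
    $owner = (Get-Acl -LiteralPath $ConfigDir).Owner
    if ($owner -notmatch 'Administrators|SYSTEM|TrustedInstaller') {
        $Findings += "$ConfigDir exists, owned by '$owner' (not an admin principal), created $($item.CreationTime)."
    }
} else {
    Write-Host "$ConfigDir does not exist (the default state described in the advisory)."
}

if ($Findings) { $Findings | ForEach-Object { Write-Warning $_ } }
else           { Write-Host 'No CVE-2025-3224 indicators found on this host.' }
```

Run from an elevated PowerShell session so that Get-Acl can read ownership on all paths; a warning on the version check alone is resolved by upgrading to 4.41.0 or later.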

Key dates

Disclosure timeline

April 28, 2025 CVE published
April 28, 2025 Record updated