
CVE-2025-9074: CWE-668 Exposure of Resource to Wrong Sphere in Docker Desktop (Docker)

Severity: Critical
Tags: Vulnerability, CVE-2025-9074, CWE-668
Published: Wed Aug 20 2025 (08/20/2025, 13:28:35 UTC)
Source: CVE Database V5
Vendor/Project: Docker
Product: Docker Desktop

Description

A vulnerability was identified in Docker Desktop that allows locally running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. This vulnerability occurs with or without Enhanced Container Isolation (ECI) enabled, and with or without the "Expose daemon on tcp://localhost:2375 without TLS" option enabled. This can lead to execution of a wide range of privileged commands to the engine API, including controlling other containers, creating new ones, managing images, etc. In some circumstances (e.g. Docker Desktop for Windows with WSL backend) it also allows mounting the host drive with the same privileges as the user running Docker Desktop.

AI-Powered Analysis

Last updated: 08/20/2025, 14:02:53 UTC

Technical Analysis

CVE-2025-9074 is a critical vulnerability identified in Docker Desktop version 4.25 that allows local Linux containers to reach the Docker Engine API through the configured Docker subnet (default 192.168.65.7:2375). The exposure exists regardless of whether Enhanced Container Isolation (ECI) is enabled and regardless of whether the option "Expose daemon on tcp://localhost:2375 without TLS" is enabled. The root cause is exposure of a resource to the wrong security sphere (CWE-668): containers that should be isolated from the engine can interact with its API directly. That access lets an attacker inside a container issue privileged commands such as controlling existing containers, creating new ones, managing images, and potentially escalating privileges. On Docker Desktop for Windows with the WSL backend, the vulnerability additionally allows mounting the host drive with the same privileges as the user running Docker Desktop, which significantly raises the risk of host compromise. The CVSS 4.0 score of 9.3 (critical) reflects high impact on confidentiality, integrity, and availability combined with low attack complexity and no required privileges or authentication, although user interaction is required. No exploits are currently known in the wild, but the potential for abuse is substantial given the breadth of control over the Docker environment that this access grants.

Potential Impact

For European organizations, this vulnerability poses a severe risk, especially for those relying on Docker Desktop for development, testing, or production environments. Unauthorized access to the Docker Engine API can lead to full container and host compromise, data exfiltration, unauthorized deployment of malicious containers, and disruption of containerized services. Organizations running Docker Desktop on Windows with the WSL backend are at heightened risk because the host drive can be mounted with user-level privileges, potentially exposing sensitive files and credentials. Given the widespread adoption of Docker in European IT infrastructures, including the finance, healthcare, and critical infrastructure sectors, exploitation could cause significant operational disruption, regulatory non-compliance (e.g., GDPR breaches), and reputational damage. Because the vulnerability bypasses the isolation that container security models rely on, it also widens the attack surface for lateral movement within corporate networks.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should upgrade Docker Desktop to a patched version as soon as Docker makes one available. Until then, disable or restrict container access to the Docker Engine API endpoint on the Docker subnet (192.168.65.7:2375 by default) with strict firewall rules or network segmentation. Avoid running untrusted or unnecessary containers locally, and limit user permissions on Docker Desktop hosts to reduce the impact of exploitation. On Windows systems using the WSL backend, restrict or monitor mount operations and consider disabling WSL integration where it is not essential. Employ runtime security tools that monitor Docker API calls and container behaviour to detect anomalous activity. Enforce multi-factor authentication and least-privilege principles for users who manage Docker environments. Regularly audit Docker configurations to ensure that the option exposing the daemon without TLS is disabled and that Enhanced Container Isolation settings are properly configured.
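The configuration audit recommended above can be scripted. The following check is an added example, not code from the advisory or from Docker: run from a throwaway container on a Docker Desktop host you administer, it reports whether the engine API answers on the default Docker-subnet address named in the advisory. The address and port come from the page; the verdict labels and the use of the engine's `/_ping` health endpoint are this example's choices.

```python
"""Exposure audit for CVE-2025-9074 (added example, not Docker's code).

Run from a throwaway container on a Docker Desktop host you administer: it
reports whether the Docker Engine API answers on the default Docker-subnet
address from the advisory. Only the unauthenticated health endpoint /_ping is
requested; a live engine answers HTTP 200 with the body "OK".
"""
import http.client
import socket

# Default engine address named in the advisory; override if your subnet differs.
DEFAULT_ENGINE_ENDPOINT = ("192.168.65.7", 2375)


def classify(status, body):
    """Map a /_ping response onto an audit verdict (labels are this example's)."""
    if status == 200 and body.strip() == b"OK":
        return "EXPOSED"            # engine answered: containers can drive the API
    return "UNEXPECTED_SERVICE"     # something listens there, but not a Docker engine


def probe_engine_api(host, port, timeout=2.0):
    """Return EXPOSED, UNEXPECTED_SERVICE or UNREACHABLE for host:port."""
    try:
        # Plain TCP connect first, so a firewalled endpoint is reported distinctly.
        with socket.create_connection((host, port), timeout=timeout):
            pass
    except OSError:
        return "UNREACHABLE"        # segmentation/firewall mitigation is in effect
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/_ping")
        resp = conn.getresponse()
        return classify(resp.status, resp.read())
    except (OSError, http.client.HTTPException):
        return "UNEXPECTED_SERVICE"
    finally:
        conn.close()


if __name__ == "__main__":
    host, port = DEFAULT_ENGINE_ENDPOINT
    verdict = probe_engine_api(host, port)
    print(f"{host}:{port} -> {verdict}")
    if verdict == "EXPOSED":
        print("Engine API reachable from this container: treat the host as affected.")
```

A result of UNREACHABLE after applying firewall rules or segmentation confirms the interim mitigation is in effect; re-run the check after upgrading to the patched Docker Desktop release.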


Technical Details

Data Version: 5.1
Assigner Short Name: Docker
Date Reserved: 2025-08-15T15:08:07.774Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68a5d214ad5a09ad000516a8

Added to database: 8/20/2025, 1:48:04 PM

Last enriched: 8/20/2025, 2:02:53 PM

Last updated: 8/23/2025, 4:47:50 AM

