Docker Desktop 4.44.3 - Unauthenticated API Exposure
Docker Desktop versions prior to 4.44.3 expose the Docker Engine API on TCP port 2375 without authentication or TLS when the 'Expose daemon on tcp://localhost:2375 without TLS' option is enabled. Any client that can open a connection to that port can send Docker Engine API requests straight to the daemon, including requests that create and start containers with bind mounts of sensitive host directories; that gives arbitrary host file access and, in practice, code execution with high privilege on the host. The vulnerability affects Windows and macOS Docker Desktop installations. A public exploit (Exploit-DB 52472, tagged as Perl although its usage instructions invoke a Python script) automates the sequence of pulling an image and launching a container with host bind mounts against the exposed port. Mitigation is to disable the option, to require TLS with client-certificate verification for any remote API access, and to restrict network access to port 2375. European organizations using Docker Desktop with this configuration are at risk, especially those with exposed or poorly segmented networks.
AI Analysis
Technical Summary
The vulnerability identified as CVE-2025-9074 affects Docker Desktop versions prior to 4.44.3 on Windows and macOS. It is a configuration weakness rather than a code defect: when the 'Expose daemon on tcp://localhost:2375 without TLS' option is enabled, the Docker Engine API listens on TCP port 2375 with no TLS and no client authentication, so any client that can open a connection to the port has full control of the daemon. As the option name indicates, the listener is bound to localhost; a remote attacker therefore needs the port to be reachable through a forward or a relay, while any process on the local machine, whatever its privilege level, can use it directly. The exploit path uses only documented API calls: pull an image, create a container whose HostConfig bind-mounts host directories into the container, and start it. Everything the container reads from or writes to those mounts is host file access, and writing to the right host locations turns that into code execution with high privilege. The Exploit-DB entry (ID 52472) is tagged as Perl although its usage instructions invoke a Python script; either way it automates the sequence above: check API availability, pull an image, create a container with host bind mounts, and start it. The issue is rated critical because no authentication is bypassed, there simply is none, and Docker's own container management primitives do the rest. The exposure typically results from a setting enabled for local testing and left enabled on a machine that is later reachable from the network. Mitigation is to disable the option, to require TLS with client-certificate verification for any remote API access, and to restrict network access to port 2375 with firewall rules. The page provides no vendor advisory link, but Docker Desktop 4.44.3 or later is the version listed as fixed. Exploitation requires no user interaction beyond network reachability of the port.
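An audit helper for the exposure described above, added here as an example; it is not the Exploit-DB PoC and not Docker's code. It classifies what a plaintext probe of the engine port gets back (an unauthenticated daemon answers GET /_ping with OK, a TLS-protected listener answers a plaintext request with Go's "Client sent an HTTP request to an HTTPS server" error), pulls the identifying fields from GET /info, and reviews a daemon.json for TCP listeners without client-certificate verification. The /info excerpt and both daemon.json fragments are constructed; treating OperatingSystem == "Docker Desktop" as the Desktop marker and the ProgramData certificate paths are assumptions. The daemon.json keys are Docker Engine's standard ones; on Docker Desktop the equivalent toggle is the settings checkbox the advisory names.

```python
"""Audit helpers: probe a Docker Engine API endpoint over plaintext HTTP and
review a daemon.json for unauthenticated TCP listeners.
Added example; not the Exploit-DB PoC and not Docker's code."""
import http.client
import json
import socket
import sys

# Go's net/http answers a plaintext request on a TLS listener with this body.
HTTPS_TO_HTTP_MARKER = b"Client sent an HTTP request to an HTTPS server"

# Constructed daemon.json fragments: the weak listener and a hardened one.
# Keys are Docker Engine's standard daemon.json options; paths are assumptions.
WEAK_DAEMON_JSON = {"hosts": ["npipe://", "tcp://0.0.0.0:2375"]}
HARDENED_DAEMON_JSON = {
    "hosts": ["npipe://", "tcp://0.0.0.0:2376"],
    "tlsverify": True,
    "tlscacert": "C:\\ProgramData\\docker\\certs.d\\ca.pem",
    "tlscert": "C:\\ProgramData\\docker\\certs.d\\server-cert.pem",
    "tlskey": "C:\\ProgramData\\docker\\certs.d\\server-key.pem",
}

# Constructed GET /info excerpt, shaped like a Docker Desktop engine's reply.
SAMPLE_INFO = {
    "ServerVersion": "28.3.2",
    "OSType": "linux",
    "OperatingSystem": "Docker Desktop",
    "DockerRootDir": "/var/lib/docker",
}


def parse_version(text):
    """'4.44.3' -> (4, 44, 3); tolerates a suffix such as '4.44.3-rc1'."""
    return tuple(int(p) for p in text.split("-")[0].split("."))


def desktop_version_is_fixed(version):
    """The advisory lists 4.44.3 as the first fixed Docker Desktop release."""
    return parse_version(version) >= (4, 44, 3)


def classify_ping(status, body):
    """Classify the answer to a plaintext GET /_ping on the engine port."""
    if status == 200 and body.strip() == b"OK":
        return "exposed-unauthenticated"
    if status == 400 and HTTPS_TO_HTTP_MARKER in body:
        return "tls-protected"  # a listener exists but requires TLS
    return "unknown"


def assess_info(info):
    """Extract identifying fields from GET /info. Using
    OperatingSystem == 'Docker Desktop' as the Desktop marker is an assumption."""
    return {
        "server_version": info.get("ServerVersion"),
        "os_type": info.get("OSType"),
        "is_docker_desktop": info.get("OperatingSystem") == "Docker Desktop",
        "root_dir": info.get("DockerRootDir"),
    }


def assess_daemon_json(cfg):
    """Return a finding for every tcp:// listener that lacks mutual TLS."""
    findings = []
    for host in (h for h in cfg.get("hosts", []) if h.startswith("tcp://")):
        if not cfg.get("tlsverify"):
            findings.append(f"{host}: plaintext listener, no client-certificate verification")
        elif not all(k in cfg for k in ("tlscacert", "tlscert", "tlskey")):
            findings.append(f"{host}: tlsverify set but CA/cert/key paths are incomplete")
    return findings


def probe(host, port=2375, timeout=3.0):
    """Live check: plaintext GET /_ping, then GET /info if the daemon answered.
    Read-only; it creates nothing on the target."""
    target = f"{host}:{port}"
    try:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
        conn.request("GET", "/_ping")
        resp = conn.getresponse()
        verdict = classify_ping(resp.status, resp.read())
        result = {"target": target, "verdict": verdict}
        if verdict == "exposed-unauthenticated":
            conn.request("GET", "/info")
            result.update(assess_info(json.loads(conn.getresponse().read())))
        conn.close()
        return result
    except (socket.timeout, OSError) as exc:
        return {"target": target, "verdict": "unreachable", "error": str(exc)}


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(json.dumps(probe(host), indent=2))
    for line in assess_daemon_json(WEAK_DAEMON_JSON):
        print("daemon.json finding:", line)
```

Run it against a workstation with `python3 audit_engine_api.py <host>`; a verdict of exposed-unauthenticated together with is_docker_desktop true is exactly the condition the advisory describes. The probe is deliberately limited to /_ping and /info so that it can be run across a fleet without creating containers.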
Potential Impact
For European organizations the risk is concentrated where Docker Desktop runs on Windows or macOS endpoints for development, testing or container management and the option above has been switched on. With the engine API reachable without TLS or authentication, an attacker who can reach the port can run code with high privilege on the host, which leads to full host compromise, data theft, lateral movement across the corporate network and disruption of containerized services; confidentiality, integrity and availability are all affected. Developer workstations that are exposed to the network or that sit on poorly segmented networks are the most likely targets. Given Docker Desktop's wide adoption in European enterprises, finance, manufacturing and technology are among the sectors that could be affected, and an unauthenticated daemon is also a convenient foothold for supply-chain and insider scenarios, since the images and build environment on the developer's engine become available to whoever controls it. No exploitation in the wild is known at the time of writing, which limits the immediate risk, but public exploit code makes future attacks more likely. Left unmitigated, the issue also undermines confidence in the organization's container security practices.
Mitigation Recommendations
1. Disable the 'Expose daemon on tcp://localhost:2375 without TLS' option in Docker Desktop settings unless it is strictly required, and then only on an isolated test machine.
2. If remote Docker API access is necessary, serve it over TLS with client-certificate verification (the daemon's tlsverify mode with a CA, server certificate and key) so that only holders of a client certificate issued by that CA can connect.
3. Restrict network access to TCP port 2375 with host firewall rules or network segmentation so that only trusted hosts can connect; the Docker Desktop listener is localhost-only unless something forwards it, so also look for port forwards and relays on the workstation.
4. Upgrade Docker Desktop to 4.44.3 or later, the version listed as fixed.
5. Audit Docker Desktop installations across the organization for exposed unauthenticated engine APIs: an unauthenticated GET /_ping on port 2375 that returns OK is the tell.
6. Add endpoint detection and response (EDR) coverage for Docker API activity: unexpected container creation, and in particular containers created with bind mounts of host roots such as C:\ or / or of the Docker socket.
7. Educate developers and IT staff about the risk of enabling the option and enforce a secure configuration baseline.
8. Regularly review container security policy to prevent bind mounts that expose sensitive host directories.
9. Use network-level controls such as VPNs or zero-trust access to limit who can reach Docker management interfaces.
10. Monitor threat intelligence feeds for exploitation attempts and updated mitigations.
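A scanner for the artefact items 5, 6 and 8 describe, added here as an example and not taken from the page, the PoC or Docker: it reads `docker inspect` records and flags containers that bind-mount a host root, the Docker socket or another sensitive host path, that run privileged, or that share the host PID namespace. The three inspect records are constructed, and the list of sensitive host roots is an assumption to tune per environment; the bind parser handles the Windows drive-letter case, where the bind source itself contains a colon.

```python
"""Flag containers whose HostConfig exposes the host: bind mounts of sensitive
host paths, privileged mode, host PID namespace.
Added example; not from the advisory, the PoC or Docker."""
import json
import re
import sys

# Host roots whose exposure into a container counts as a finding. This list is
# an assumption to tune per environment. Drive-letter paths are normalised so
# that 'C:\' becomes '/' and 'C:\Users\dev' becomes '/Users/dev'.
SENSITIVE_ROOTS = ("/etc", "/root", "/var/run", "/var/lib/docker",
                   "/host_mnt", "/Windows", "/Program Files")

_WIN_DRIVE = re.compile(r"^[A-Za-z]:[\\/]")

# Constructed 'docker inspect' output: one host-root mount, one ordinary
# project mount, one Docker-socket mount.
SAMPLE_INSPECT = json.loads(r'''[
 {"Name": "/host-dump", "Config": {"Image": "alpine"},
  "HostConfig": {"Binds": ["C:\\:/host"], "Privileged": false, "PidMode": ""},
  "Mounts": [{"Type": "bind", "Source": "C:\\", "Destination": "/host"}]},
 {"Name": "/dev-app", "Config": {"Image": "node:20"},
  "HostConfig": {"Binds": ["C:\\Users\\dev\\app:/app"], "Privileged": false, "PidMode": ""},
  "Mounts": [{"Type": "bind", "Source": "C:\\Users\\dev\\app", "Destination": "/app"}]},
 {"Name": "/sock", "Config": {"Image": "docker:cli"},
  "HostConfig": {"Binds": ["/var/run/docker.sock:/var/run/docker.sock:ro"],
                 "Privileged": false, "PidMode": ""},
  "Mounts": []}
]''')


def split_bind(spec):
    """Split a HostConfig.Binds entry 'src:dst[:opts]'. A Windows source such as
    'C:\\Users\\dev:/app' contains a colon of its own, so the drive prefix is
    consumed before searching for the separator."""
    if _WIN_DRIVE.match(spec):
        drive, rest = spec[:2], spec[2:]
        src_tail, _, remainder = rest.partition(":")
        src = drive + src_tail
    else:
        src, _, remainder = spec.partition(":")
    dst, _, opts = remainder.partition(":")
    return src, dst, opts


def normalise_host_path(src):
    """Forward slashes, drive letter stripped, trailing slash removed."""
    p = src.replace("\\", "/")
    if _WIN_DRIVE.match(src):
        p = p[2:]  # 'C:/Users' -> '/Users', 'C:/' -> '/'
    return p.rstrip("/") or "/"


def host_path_is_sensitive(src):
    p = normalise_host_path(src)
    if p == "/":  # a whole drive or the filesystem root
        return True
    return any(p == root or p.startswith(root + "/") for root in SENSITIVE_ROOTS)


def assess_container(record):
    """Findings for one inspect record; Binds and Mounts describe the same
    bind mount twice, so a source reported from Binds is not repeated."""
    name = record.get("Name", "").lstrip("/")
    hc = record.get("HostConfig") or {}
    findings, seen = [], set()
    for spec in hc.get("Binds") or []:
        src, dst, opts = split_bind(spec)
        if host_path_is_sensitive(src):
            seen.add(normalise_host_path(src))
            mode = "read-only" if "ro" in opts.split(",") else "read-write"
            findings.append(f"{name}: bind {src!r} -> {dst!r} ({mode})")
    for m in record.get("Mounts") or []:
        src = m.get("Source", "")
        if (m.get("Type") == "bind" and host_path_is_sensitive(src)
                and normalise_host_path(src) not in seen):
            findings.append(f"{name}: mount {src!r} -> {m.get('Destination')!r}")
    if hc.get("Privileged"):
        findings.append(f"{name}: privileged")
    if hc.get("PidMode") == "host":
        findings.append(f"{name}: host PID namespace")
    return findings


def scan(records):
    """Names of containers with at least one finding, in input order."""
    return [r["Name"].lstrip("/") for r in records if assess_container(r)]


if __name__ == "__main__":
    records = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_INSPECT
    for rec in records:
        for finding in assess_container(rec):
            print(finding)
```

On a workstation, `docker inspect $(docker ps -aq) > containers.json` followed by `python3 scan_binds.py containers.json` lists the offending containers; the same functions can be run over the Actor.Attributes of `docker events` output if the EDR collects it. Note that the ordinary project mount under C:\Users is not reported, which is the distinction item 8 is asking for.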
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Denmark, Ireland, Belgium, Italy
Indicators of Compromise
- exploit-code:
# Exploit Title: Docker Desktop 4.44.3 - Unauthenticated API Exposure
# Date: 2025-10-06
# Exploit Author: OilSeller2001
# Vendor Homepage: https://www.docker.com/
# Software Link: https://www.docker.com/products/docker-desktop/
# Version: Affected on Windows and macOS versions prior to 4.44.3
# Tested on: Windows 11 + Docker Desktop 4.43.0
# Exploit Type: Remote, Local, Shellcode
# Platform: Windows
# CVE: CVE-2025-9074
# Description: This PoC script exploits a security misconfiguration in the unauthenticated exposure of the Docker Engine API. By sending crafted API requests directly to the Docker daemon, the script creates and starts a specially prepared container. The container leverages the bind mount feature to map sensitive directories from the host filesystem into the container, effectively granting arbitrary access to the host. This results in a high-privilege remote code execution scenario.
# Vulnerability Details: The Docker Engine API (TCP port 2375) can be exposed without TLS authentication via the "Expose daemon on tcp://localhost:2375 without TLS" option in Docker Desktop. If this option is enabled, any local or remote attacker with network access to the exposed port can control the Docker daemon without authentication.
# Usage:
#   1. Expose the Docker daemon on TCP 2375 without TLS (testing environment only).
#   2. Run the PoC against the target: python3 poc_cve_2025_9074.py <target_ip>:2375
#   3. The script will:
#      - Check API availability
#      - Pull an image
#      - Create a malicious container with bind mounts to the host filesystem
#      - Start the container, allowing access to host files
# Mitigation:
#   - Disable the unauthenticated Docker API exposure after testing.
#   - Use TLS certificates if remote API access is required.
#   - Restrict network access to port 2375 via firewall rules.
# PoC Download Link: https://github.com/OilSeller2001/PoC-for-CVE-2025-9074
Technical Details
- Edb Id: 52472
- Has Exploit Code: true
- Code Language: perl
Threat ID: 69845ddcf9fa50a62f0fd4b0
Added to database: 2/5/2026, 9:07:40 AM
Last enriched: 2/5/2026, 9:09:58 AM
Last updated: 2/5/2026, 6:46:33 PM
Views: 9