CVE ID : CVE-2025-3224
Published : April 28, 2025, 8:15 p.m. | 2 hours, 50 minutes ago
Description : A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-privileged attacker to escalate privileges to SYSTEM. During an update, Docker Desktop attempts to delete files and subdirectories under the path C:ProgramDataDockerconfig with high privileges. However, this directory often does not exist by default, and C:ProgramData allows normal users to create new directories. By creating a malicious Dockerconfig folder structure at this location, an attacker can force the privileged update process to delete or manipulate arbitrary system files, leading to Elevation of Privilege.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
Source: Read More