Critical Vulnerability Found in Docker Desktop for Windows

A significant security vulnerability has been identified in Docker Desktop for Windows, allowing attackers to escalate their privileges within the system. Docker has released an update to address this issue.

The new version, 4.41.0, rectifies a flaw that could enable attackers with access to the machine to gain higher privileges during the update process of Docker Desktop (CVE-2025-3224, CVSS score of 7.3, categorized as 'high risk'). This vulnerability primarily affects the Windows version of the container software.

During the update process, Docker Desktop attempts to delete files and subfolders located in the directory C:\ProgramData\Docker\config with elevated permissions. However, this directory typically does not exist by default. Furthermore, the C:\ProgramData\ path allows users with minimal access rights to create a malicious folder structure under Docker\config. As a result, attackers can exploit the privileged update process to delete or alter arbitrary system files, leading to unauthorized privilege escalation.

Trend Micro's Zero-Day Initiative provides an overview of how file deletion can facilitate privilege escalation vulnerabilities. The updated version not only fixes this critical security gap but also introduces several enhancements. Notably, Docker Desktop is now available on Microsoft's App Store, enabling automatic updates of locally installed software.

The release notes for the update detail numerous bug fixes and enhancements applicable to all supported platforms. One notable fix addresses an issue in DockerVMM that resulted in an excessive number of open file handles on the host system. Additionally, a problem on macOS that caused increased CPU usage has been resolved.

Users can download the updated Docker Desktop installation file directly for various platforms, including Windows, Windows ARM, and Mac systems with Apple Silicon and Intel processors, as well as ready-to-use packages for Debian, RPM, or Arch.