CVE-2025-9164
Multiple DLL Search Order Hijacking Vulnerabilities in Docker Desktop Installer for Windows
Docker Desktop Installer.exe is vulnerable to DLL hijacking due to insecure DLL search order. The installer searches for required DLLs in the user's Downloads folder before checking system directories, allowing local privilege escalation through malicious DLL placement.This issue affects Docker Desktop: through 4.48.0.
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:Y/R:U/V:C
Produtos afetados
Docker · Docker DesktopQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →