Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
Alerts

Critical Vulnerability in Docker Desktop for Windows

27 August 2025

Docker has released security updates addressing a critical-severity vulnerability (CVE-2025-9074) in Docker Desktop for Windows. Users and administrators are advised to update to the latest version immediately.

Background

Docker has released security updates addressing a critical-severity vulnerability (CVE-2025-9074) in Docker Desktop for Windows.

Impact

CVE-2025-9074 is a server-side request forgery (SSRF) vulnerability in Docker Desktop for Windows. Successful exploitation of this vulnerability could allow an attacker unauthorised access to user files on the host system.

Affected Products

Docker Desktop for Windows version 4.44.2 and earlier

Mitigation

Users and administrators of affected product versions are strongly advised to update to the latest versions immediately.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-9074

https://docs.docker.com/desktop/release-notes/#4443

https://www.bleepingcomputer.com/news/security/critical-docker-desktop-flaw-lets-attackers-hijack-windows-hosts/

https://blog.qwertysecurity.com/Articles/blog3

Back to top