Skip to main content Tech Radar Pro Tech Radar Gaming Close main menu the business technology experts België (Nederlands) Deutschland North America US (English) Australasia New Zealand View Profile Search TechRadar Expert Insights Website builders Web hosting Best web hosting Best office chairs Best website builder Best antivirus Expert Insights Recommended reading Zoom patches worrying security Windows flaw - make sure you're protected, update now WinRAR has a serious security flaw - worrying zero-day issue lets hackers plant malware, so patch right away Microsoft releases urgent SharePoint security flaw patches - here's what you need to know, and how to update Key Linux systems may have security flaws which allow password theft Several major Linux distros hit by serious Sudo security flaws Security flaws in key Nvidia enterprise tool could have let hackers run malware on Windows and Linux systems Misconfigured Docker instances are being hacked to mine cryptocurrency A critical Docker Desktop security flaw puts Windows hosts at risk of attack, so patch now Sead Fadilpašić 26 August 2025 Docker patches critical bug in Windows and macOS When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. (Image credit: Shutterstock) Researchers find 9.3/10 flaw in Docker Desktop for Windows and macOS The bug allows threat actors to compromise underlying hosts and tamper with data A fix was quickly released, so users should patch now Docker has patched a critical severity vulnerability in its Desktop app for Windows and macOS which could have allowed threat actors to fully take over vulnerable hosts, exfiltrate sensitive data, and more. The vulnerability is described as a server-side request forgery (SSRF) and, according to the NVD, it “allows local running Linux containers to access the Docker Engine API via the configured Docker subnet.” “A malicious container running on Docker Desktop could access the Docker Engine and launch additional containers without requiring the Docker socket to be mounted,” Docker said in a follow-up security advisory. “This could allow unauthorized access to user files on the host system. Enhanced Container Isolation (ECI) does not mitigate this vulnerability.” You may like Zoom patches worrying security Windows flaw - make sure you're protected, update now WinRAR has a serious security flaw - worrying zero-day issue lets hackers plant malware, so patch right away Microsoft releases urgent SharePoint security flaw patches - here's what you need to know, and how to update Not all systems are affected in the same way The bug was discovered and reported by security researcher Felix Boulet. It is now tracked as CVE-2025-9074 and was given a severity rating of 9.3/10 (critical). However, a separate researcher, Philippe Dugre, stressed that the risk is not the same on all platforms, noting it’s actually somewhat greater on Windows, compared to macOS. This is due to the safeguards baked into the macOS operating system. Dugre managed to create a file in the user’s home directory on Windows, but not on macOS: "On Windows, since the Docker Engine runs via WSL2, the attacker can mount as an administrator the entire filesystem, read any sensitive file, and ultimately overwrite a system DLL to escalate the attacker to administrator of the host system," Dugre explained. Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsorsBy submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over. "On MacOS, however, the Docker Desktop application still has a layer of isolation and trying to mount a user directory prompts the user for permission. By default, the docker application does not have access to the rest of the filesystem and does not run with administrative privileges, so the host is a lot safer than in the Windows case," he added. Docker fixed it in Desktop version 4.44.3, so users are advised to upgrade as soon as possible. Via BleepingComputer You might also like Docker could still be hosting a whole load of potentially malicious images - putting users at risk Take a look at our guide to the best authenticator app We've rounded up the best password managers Sead Fadilpašić Social Links Navigation Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications. You must confirm your public display name before commenting Please logout and then login again, you will then be prompted to enter your display name. Zoom patches worrying security Windows flaw - make sure you're protected, update now WinRAR has a serious security flaw - worrying zero-day issue lets hackers plant malware, so patch right away Microsoft releases urgent SharePoint security flaw patches - here's what you need to know, and how to update Key Linux systems may have security flaws which allow password theft Several major Linux distros hit by serious Sudo security flaws Security flaws in key Nvidia enterprise tool could have let hackers run malware on Windows and Linux systems Latest in Security Hackers are looking to steal Microsoft logins using some devious new tricks - here's how to stay safe Multiple top password managers vulnerable to password stealing clickjacking attacks - here’s what we know A disgruntled worker built his own kill-switch malware to take down his former employer - and it didn't pay off Attackers claim they hacked Nissan's design studio and stole 4TB of data Colt confirms customer data stolen as Warlock ransomware crew auctions off details US judge sentences Scattered Spider member sentenced to 10 years in prison Latest in News Garmin Fenix 8 users are getting loads of new features for free – including one it should have had at launch The iPhone 17 Pro might be able to wirelessly charge your AirPods Android Auto looks set to get a useful Gemini upgrade – and a refreshed look Russia wants to ban Google Meet - but probably not for the reason you might expect A shocking lawsuit against Amazon makes me want to cancel my Prime Video subscription immediately Google NotebookLM goes global with multilingual AI video summaries of your notes LATEST ARTICLES A shocking lawsuit against Amazon makes me want to cancel my Prime Video subscription immediately Levoit CirculAir Oscillating Fan review: a versatile pedestal air circulator that’s ridiculously good I tested Cambridge's Evo 150 SE streaming amp and it is as high-performing a just-add-speakers system can possibly be, for this money Russia wants to ban Google Meet - but probably not for the reason you might expect The iPhone 17 Pro might be able to wirelessly charge your AirPods TechRadar is part of Future US Inc, an international media group and leading digital publisher. Visit our corporate site. Contact Future's experts Terms and conditions Privacy policy Cookies policy Advertise with us Web notifications Accessibility Statement Future US, Inc. Full 7th Floor, 130 West 42nd Street, Please login or signup to comment Please wait...