Skip to main content

Docker CLI CVE-2025-15558

HIGH
Uncontrolled Search Path Element (CWE-427)
2026-03-04 security@docker.com GHSA-p436-gjf2-799p
High
Disputed · 7.0 Vendor: docker
Share

Severity by source

Sources disagree (Low–High)
Vendor (docker) PRIMARY
7.0 HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:X/RE:X/U:X
vuln.today AI
7.3 HIGH

Local low-privileged attacker plants a binary (AV:L/PR:L); a privileged victim must invoke Docker to trigger it (UI:R), yielding full code execution in the victim context (C/I/A:H).

3.1 AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
SUSE
3.1 LOW
AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Red Hat
7.3 HIGH
qualitative

vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.

CVSS VectorVendor: docker

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
P
Scope
X

Lifecycle Timeline

9
Analysis Updated
Jun 30, 2026 - 05:07 vuln.today
v5 (cvss_changed)
Analysis Updated
Jun 30, 2026 - 05:06 vuln.today
v4 (cvss_changed)
Analysis Updated
Jun 30, 2026 - 05:05 vuln.today
v3 (cvss_changed)
Analysis Updated
Jun 30, 2026 - 05:04 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jun 30, 2026 - 03:24 vuln.today
cvss_changed
CVSS changed
Jun 30, 2026 - 03:24 NVD
8.0 (HIGH) 7.0 (HIGH)
Analysis Generated
Mar 12, 2026 - 22:05 vuln.today
Patch released
Mar 09, 2026 - 17:38 nvd
Patch available
CVE Published
Mar 04, 2026 - 17:16 nvd
HIGH 8.0

DescriptionCVE.org

Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries (docker-compose.exe, docker-buildx.exe, etc.) that are executed when a victim user opens Docker Desktop or invokes Docker CLI plugin features, and allow privilege-escalation if the docker CLI is executed as a privileged user.

This issue affects Docker CLI: through 29.1.5 and Windows binaries acting as a CLI-plugin manager using the github.com/docker/cli/cli-plugins/manager https://pkg.go.dev/github.com/docker/cli@v29.1.5+incompatible/cli-plugins/manager  package, such as Docker Compose.

This issue does not impact non-Windows binaries, and projects not using the plugin-manager code.

AnalysisAI

Local privilege escalation in Docker CLI for Windows (through version 29.1.5) lets a low-privileged user plant malicious CLI-plugin binaries that execute when a higher-privileged victim runs Docker. Because C:\ProgramData\Docker\cli-plugins does not exist by default, any local user can create it and drop trojanized binaries such as docker-compose.exe or docker-buildx.exe, which Docker Desktop or the CLI plugin manager will load and execute. EPSS is very low (0.01%) and there is no public exploit identified at time of analysis, but ZDI tracked the issue (ZDI-CAN-28304) and a vendor patch is available.

Technical ContextAI

The root cause is CWE-427 (Uncontrolled Search Path Element / binary planting). The github.com/docker/cli/cli-plugins/manager package on Windows resolves CLI plugins by searching C:\ProgramData\Docker\cli-plugins for executables named docker-<plugin>.exe. ProgramData subdirectories that are created by an installer typically inherit restrictive ACLs, but when a directory does not exist by default, a standard user can create it and thereby control its initial ACLs and contents. Any Windows binary that embeds this plugin-manager code (Docker Compose, Buildx, and Docker Desktop itself) inherits the flaw. The affected component per CPE is cpe:2.3:a:docker:command_line_interface, and the issue is Windows-specific; non-Windows binaries and projects that do not use the plugin-manager code are unaffected.

RemediationAI

Patch available per vendor advisory; the upstream fix is in https://github.com/docker/cli/pull/6713, so upgrade Docker CLI / Docker Desktop on Windows to the first release that includes that fix above 29.1.5 (consult https://docs.docker.com/desktop/release-notes/ for the exact tagged version, which is not independently confirmed in this data - do not assume a version number). As a compensating control until patched, pre-create C:\ProgramData\Docker\cli-plugins as an administrator and set its ACL to deny write/create for non-administrative users (Authenticated Users / Users), which removes the attacker's ability to plant binaries; the trade-off is that any legitimately installed extra plugins must then be deployed by an administrator. Additionally, avoid running the Docker CLI as a privileged user when not required, since the high impact depends on a privileged victim invoking the planted plugin. Verify no rogue docker-*.exe files already exist in that path before locking it down.

More in Docker

View all
CVE-2024-55964 CRITICAL POC
9.8 Mar 26

An issue was discovered in Appsmith before 1.52. Rated critical severity (CVSS 9.8), this vulnerability is remotely expl

CVE-2019-5736 HIGH POC
8.6 Feb 11

runc through version 1.0-rc6 (used in Docker before 18.09.2) contains a container escape vulnerability that allows attac

CVE-2023-32077 HIGH POC
7.5 Aug 24

Netmaker makes networks with WireGuard. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no a

CVE-2026-39987 CRITICAL POC
9.3 Apr 08

Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/

CVE-2023-5815 HIGH POC
8.1 Nov 22

The News & Blog Designer Pack - WordPress Blog Plugin - (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post

CVE-2014-9357 CRITICAL
10.0 Dec 16

Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build

CVE-2026-34156 CRITICAL POC
9.9 Mar 30

Remote code execution in NocoBase Workflow Script Node (npm @nocobase/plugin-workflow-javascript) allows authenticated l

CVE-2019-15752 HIGH POC
7.8 Aug 28

Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-c

CVE-2025-34221 CRITICAL POC
10.0 Sep 29

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169 and Application prior to version 2

CVE-2024-23054 CRITICAL POC
9.8 Feb 05

An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution du

CVE-2025-23211 CRITICAL POC
9.9 Jan 28

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Rated critical seve

CVE-2026-46339 CRITICAL POC
10.0 May 19

Unauthenticated remote code execution in 9router (npm package) versions 0.4.30 through 0.4.36 allows network-adjacent at

Vendor StatusVendor

SUSE

Severity: Low
Product Status
openSUSE Tumbleweed Fixed

Share

CVE-2025-15558 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy