Docker CLI
CVE-2025-15558
HIGH
Severity by source
Sources disagree (Low–High)CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:X/RE:X/U:X
Local low-privileged attacker plants a binary (AV:L/PR:L); a privileged victim must invoke Docker to trigger it (UI:R), yielding full code execution in the victim context (C/I/A:H).
AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.
CVSS VectorVendor: docker
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:X/RE:X/U:X
Lifecycle Timeline
9DescriptionCVE.org
Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries (docker-compose.exe, docker-buildx.exe, etc.) that are executed when a victim user opens Docker Desktop or invokes Docker CLI plugin features, and allow privilege-escalation if the docker CLI is executed as a privileged user.
This issue affects Docker CLI: through 29.1.5 and Windows binaries acting as a CLI-plugin manager using the github.com/docker/cli/cli-plugins/manager https://pkg.go.dev/github.com/docker/cli@v29.1.5+incompatible/cli-plugins/manager package, such as Docker Compose.
This issue does not impact non-Windows binaries, and projects not using the plugin-manager code.
AnalysisAI
Local privilege escalation in Docker CLI for Windows (through version 29.1.5) lets a low-privileged user plant malicious CLI-plugin binaries that execute when a higher-privileged victim runs Docker. Because C:\ProgramData\Docker\cli-plugins does not exist by default, any local user can create it and drop trojanized binaries such as docker-compose.exe or docker-buildx.exe, which Docker Desktop or the CLI plugin manager will load and execute. EPSS is very low (0.01%) and there is no public exploit identified at time of analysis, but ZDI tracked the issue (ZDI-CAN-28304) and a vendor patch is available.
Technical ContextAI
The root cause is CWE-427 (Uncontrolled Search Path Element / binary planting). The github.com/docker/cli/cli-plugins/manager package on Windows resolves CLI plugins by searching C:\ProgramData\Docker\cli-plugins for executables named docker-<plugin>.exe. ProgramData subdirectories that are created by an installer typically inherit restrictive ACLs, but when a directory does not exist by default, a standard user can create it and thereby control its initial ACLs and contents. Any Windows binary that embeds this plugin-manager code (Docker Compose, Buildx, and Docker Desktop itself) inherits the flaw. The affected component per CPE is cpe:2.3:a:docker:command_line_interface, and the issue is Windows-specific; non-Windows binaries and projects that do not use the plugin-manager code are unaffected.
RemediationAI
Patch available per vendor advisory; the upstream fix is in https://github.com/docker/cli/pull/6713, so upgrade Docker CLI / Docker Desktop on Windows to the first release that includes that fix above 29.1.5 (consult https://docs.docker.com/desktop/release-notes/ for the exact tagged version, which is not independently confirmed in this data - do not assume a version number). As a compensating control until patched, pre-create C:\ProgramData\Docker\cli-plugins as an administrator and set its ACL to deny write/create for non-administrative users (Authenticated Users / Users), which removes the attacker's ability to plant binaries; the trade-off is that any legitimately installed extra plugins must then be deployed by an administrator. Additionally, avoid running the Docker CLI as a privileged user when not required, since the high impact depends on a privileged victim invoking the planted plugin. Verify no rogue docker-*.exe files already exist in that path before locking it down.
An issue was discovered in Appsmith before 1.52. Rated critical severity (CVSS 9.8), this vulnerability is remotely expl
runc through version 1.0-rc6 (used in Docker before 18.09.2) contains a container escape vulnerability that allows attac
Netmaker makes networks with WireGuard. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no a
Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/
The News & Blog Designer Pack - WordPress Blog Plugin - (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post
Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build
Remote code execution in NocoBase Workflow Script Node (npm @nocobase/plugin-workflow-javascript) allows authenticated l
Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-c
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169 and Application prior to version 2
An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution du
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Rated critical seve
Unauthenticated remote code execution in 9router (npm package) versions 0.4.30 through 0.4.36 allows network-adjacent at
Same weakness CWE-427 – Uncontrolled Search Path Element
View allSame technique Privilege Escalation
View allVendor StatusVendor
SUSE
Severity: Low| Product | Status |
|---|---|
| openSUSE Tumbleweed | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
GHSA-p436-gjf2-799p