Skip to main content

Docker (Alpine Linux) CVE-2025-54388

MEDIUM
N/A vendor:alpine
Share

Lifecycle Timeline

1
Analysis Generated
May 27, 2026 - 22:56 vuln.today

DescriptionCVE.org

Alpine Linux: docker fixed in 28.3.3-r0

AnalysisAI

Docker on Alpine Linux contains an uncharacterized vulnerability addressed in the 28.3.3-r0 Alpine package release. The sparse disclosure - a single-line vendor advisory from Alpine Linux with no CVSS score, CWE, or technical description - means the specific vulnerability class, attack surface, and impact are not determinable from available data. With an EPSS score of 0.03% (10th percentile), exploitation probability is assessed as very low at this time, and no public exploit code or CISA KEV listing has been identified.

Technical ContextAI

The affected product is Docker, the container runtime platform, packaged for Alpine Linux. The fix version 28.3.3-r0 follows Alpine Linux's package versioning convention where '28.3.3' is the upstream Docker version and '-r0' denotes the first Alpine revision of that release. No CWE has been assigned, so the root cause class - whether memory corruption, authentication bypass, privilege escalation, or another category - is entirely unconfirmed. No CPE strings were provided, but the affected scope is Docker installations on Alpine Linux systems running versions prior to the 28.3.3-r0 package. The underlying vulnerability may exist in Docker's daemon, CLI, container runtime interface, or a bundled dependency, but this cannot be determined from available data.

Affected ProductsAI

Docker as packaged for Alpine Linux in versions prior to 28.3.3-r0 is confirmed affected per the Alpine Linux vendor advisory. The upstream Docker version corresponding to the fix is 28.3.3. No CPE strings were provided in the source data, and the exact floor of affected versions (i.e., how far back the vulnerability exists) is unknown. No other Linux distributions or operating systems are mentioned in the disclosure, though the underlying vulnerability may exist in upstream Docker releases independently of the Alpine packaging.

RemediationAI

Upgrade the Docker package on Alpine Linux to version 28.3.3-r0 or later using the Alpine package manager: 'apk upgrade docker'. This is the vendor-confirmed fix version per the Alpine Linux advisory. No upstream Docker advisory URL was provided in the source data, and no workarounds are documented. Because the vulnerability class is unknown, no specific compensating controls can be responsibly recommended beyond ensuring the Docker daemon is not unnecessarily exposed to untrusted networks and that container workloads operate under least-privilege principles. Monitor the NVD entry and the Alpine Linux security tracker for additional details as they become available.

More in Docker

View all
CVE-2024-55964 CRITICAL POC
9.8 Mar 26

An issue was discovered in Appsmith before 1.52. Rated critical severity (CVSS 9.8), this vulnerability is remotely expl

CVE-2019-5736 HIGH POC
8.6 Feb 11

runc through version 1.0-rc6 (used in Docker before 18.09.2) contains a container escape vulnerability that allows attac

CVE-2023-32077 HIGH POC
7.5 Aug 24

Netmaker makes networks with WireGuard. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no a

CVE-2026-39987 CRITICAL POC
9.3 Apr 08

Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/

CVE-2023-5815 HIGH POC
8.1 Nov 22

The News & Blog Designer Pack - WordPress Blog Plugin - (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post

CVE-2014-9357 CRITICAL
10.0 Dec 16

Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build

CVE-2026-34156 CRITICAL POC
9.9 Mar 30

Remote code execution in NocoBase Workflow Script Node (npm @nocobase/plugin-workflow-javascript) allows authenticated l

CVE-2019-15752 HIGH POC
7.8 Aug 28

Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-c

CVE-2025-34221 CRITICAL POC
10.0 Sep 29

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169 and Application prior to version 2

CVE-2024-23054 CRITICAL POC
9.8 Feb 05

An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution du

CVE-2025-23211 CRITICAL POC
9.9 Jan 28

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Rated critical seve

CVE-2026-46339 CRITICAL POC
10.0 May 19

Unauthenticated remote code execution in 9router (npm package) versions 0.4.30 through 0.4.36 allows network-adjacent at

Share

CVE-2025-54388 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy