What is the severity of CVE-2025-3224?

CVE-2025-3224 is rated as a medium severity vulnerability due to its capability to allow local privilege escalation.

How do I fix CVE-2025-3224?

To fix CVE-2025-3224, upgrade Docker Desktop for Windows to version 4.41.0 or later.

What versions of Docker Desktop are affected by CVE-2025-3224?

Docker Desktop for Windows versions prior to 4.41.0 are affected by CVE-2025-3224.

Who can exploit CVE-2025-3224?

CVE-2025-3224 can be exploited by a local, low-privileged attacker who has access to the affected system.

What is the potential impact of CVE-2025-3224?

The potential impact of CVE-2025-3224 includes privilege escalation to SYSTEM level on the affected Windows system.

Vulnerability/
CVE-2025-3224

high

7.3

CWE

269 59

28/4/2025

29/4/2025

CVE-2025-3224: Elevation of Privilege in Docker Desktop for Windows during Upgrade due to Insecure Directory Deletion

First published: Mon Apr 28 2025(Updated: )

A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-privileged attacker to escalate privileges to SYSTEM. During an update, Docker Desktop attempts to delete files and subdirectories under the path C:\ProgramData\Docker\config with high privileges. However, this directory often does not exist by default, and C:\ProgramData\ allows normal users to create new directories. By creating a malicious Docker\config folder structure at this location, an attacker can force the privileged update process to delete or manipulate arbitrary system files, leading to Elevation of Privilege.

Credit: security@docker.com

Affected Software	Affected Version	How to fix
Docker Desktop	<4.41.0

Never miss a vulnerability like this again

Reference Links

https://www.zerodayinitiative.com/blog/2022/3/16/abusing-arbitrary-file-deletes-to-escalate-privilege-and-other-great-tricks

Frequently Asked Questions

What is the severity of CVE-2025-3224?
CVE-2025-3224 is rated as a medium severity vulnerability due to its capability to allow local privilege escalation.
How do I fix CVE-2025-3224?
To fix CVE-2025-3224, upgrade Docker Desktop for Windows to version 4.41.0 or later.
What versions of Docker Desktop are affected by CVE-2025-3224?
Docker Desktop for Windows versions prior to 4.41.0 are affected by CVE-2025-3224.
Who can exploit CVE-2025-3224?
CVE-2025-3224 can be exploited by a local, low-privileged attacker who has access to the affected system.
What is the potential impact of CVE-2025-3224?
The potential impact of CVE-2025-3224 includes privilege escalation to SYSTEM level on the affected Windows system.

collector/mitre-cve
source/MITRE
agent/title
agent/weakness
agent/references
agent/first-publish-date
agent/description
agent/type
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/softwarecombine
collector/nvd-api
source/NVD
agent/severity
agent/author
agent/last-modified-date
agent/source
agent/tags
agent/event
vendor/docker
canonical/docker desktop

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.