CVE-2025-3224 Information
Apr 29, 2025
cve
Description
A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local low-privileged attacker to escalate privileges to SYSTEM. During an update Docker Desktop attempts to delete files and subdirectories under the path C:\ProgramData\Docker\config with high privileges. However this directory often does not exist by default and C:\ProgramData\ allows normal users to create new directories. By creating a malicious Docker\config folder structure at this location an attacker can force the privileged update process to delete or manipulate arbitrary system files leading to Elevation of Privilege.