{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-15558","assignerOrgId":"686469e6-3ff6-451b-ab8b-cf5b9e89401e","state":"PUBLISHED","assignerShortName":"Docker","dateReserved":"2026-02-03T19:51:18.184Z","datePublished":"2026-03-04T16:14:32.045Z","dateUpdated":"2026-06-30T12:07:21.534Z"},"containers":{"cna":{"affected":[{"defaultStatus":"affected","platforms":["Windows"],"product":"Docker CLI","vendor":"Docker","versions":[{"status":"unaffected","version":"29.2.0","versionType":"semver"}]},{"defaultStatus":"unaffected","platforms":["Windows"],"product":"Compose","vendor":"Docker","versions":[{"status":"unaffected","version":"5.1.0","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"Nitesh Surana (niteshsurana.com) of Trend Research of TrendAI"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>Docker CLI for Windows searches for plugin binaries in <code>C:\\ProgramData\\Docker\\cli-plugins</code>, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries (docker-compose.exe, docker-buildx.exe, etc.) that are executed when a victim user opens Docker Desktop or invokes Docker CLI plugin features, and allow privilege-escalation if the <code>docker</code>&nbsp;CLI is executed as a privileged user.</p><p>This issue affects Docker CLI: through 29.1.5 and Windows binaries acting as a CLI-plugin manager using the <a target=\"_blank\" rel=\"nofollow\" href=\"https://pkg.go.dev/github.com/docker/cli@v29.1.5+incompatible/cli-plugins/manager\"><code>github.com/docker/cli/cli-plugins/manager</code></a>&nbsp;package, such as Docker Compose.</p><p>This issue does not impact non-Windows binaries, and projects not using the plugin-manager code.</p><p></p>"}],"value":"Docker CLI for Windows searches for plugin binaries in C:\\ProgramData\\Docker\\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries (docker-compose.exe, docker-buildx.exe, etc.) that are executed when a victim user opens Docker Desktop or invokes Docker CLI plugin features, and allow privilege-escalation if the docker CLI is executed as a privileged user.\n\nThis issue affects Docker CLI: through 29.1.5 and Windows binaries acting as a CLI-plugin manager using the  github.com/docker/cli/cli-plugins/manager https://pkg.go.dev/github.com/docker/cli@v29.1.5+incompatible/cli-plugins/manager  package, such as Docker Compose.\n\nThis issue does not impact non-Windows binaries, and projects not using the plugin-manager code."}],"impacts":[{"capecId":"CAPEC-38","descriptions":[{"lang":"en","value":"CAPEC-38 Leveraging/Manipulating Configuration File Search Paths"}]},{"capecId":"CAPEC-471","descriptions":[{"lang":"en","value":"CAPEC-471 Search Order Hijacking"}]},{"capecId":"CAPEC-640","descriptions":[{"lang":"en","value":"CAPEC-640 Inclusion of Code in Existing Process"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NO","Recovery":"USER","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"LOCAL","baseScore":7,"baseSeverity":"HIGH","exploitMaturity":"NOT_DEFINED","privilegesRequired":"LOW","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"PASSIVE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:N/R:U","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-427","description":"CWE-427 Uncontrolled Search Path Element","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"686469e6-3ff6-451b-ab8b-cf5b9e89401e","shortName":"Docker","dateUpdated":"2026-03-04T16:14:32.045Z"},"references":[{"url":"https://docs.docker.com/desktop/release-notes/"},{"tags":["third-party-advisory"],"url":"https://www.zerodayinitiative.com/advisories/ZDI-CAN-28304/"},{"tags":["patch"],"url":"https://github.com/docker/cli/pull/6713"}],"source":{"discovery":"EXTERNAL"},"title":"Docker Desktop Docker Plugins Uncontrolled Search Path Element Local Privilege Escalation Vulnerability","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-03-04T00:00:00+00:00","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3","id":"CVE-2025-15558"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-03-05T04:55:47.099Z"}},{"affected":[{"cpes":["cpe:/a:redhat:assisted_installer:2"],"defaultStatus":"unaffected","product":"Assisted Installer for Red Hat OpenShift Container Platform 2","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_builds:1"],"defaultStatus":"unaffected","product":"Builds for Red Hat OpenShift","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:gatekeeper:3"],"defaultStatus":"unaffected","product":"Gatekeeper 3","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:kernel_module_management:2"],"defaultStatus":"unaffected","product":"Kernel Module Management Operator for Red Hat Openshift","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:workload_availability_mdr:0"],"defaultStatus":"unaffected","product":"Machine Deletion Remediation Operator","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:multicluster_engine"],"defaultStatus":"unaffected","product":"Multicluster Engine for Kubernetes","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:multicluster_globalhub"],"defaultStatus":"unaffected","product":"Multicluster Global Hub","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_pipelines:1"],"defaultStatus":"unaffected","product":"OpenShift Pipelines","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:serverless:1"],"defaultStatus":"unaffected","product":"OpenShift Serverless","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:service_mesh:2"],"defaultStatus":"unaffected","product":"OpenShift Service Mesh 2","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:service_mesh:3"],"defaultStatus":"unaffected","product":"OpenShift Service Mesh 3","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:acm:2"],"defaultStatus":"unaffected","product":"Red Hat Advanced Cluster Management for Kubernetes 2","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:advanced_cluster_security:4"],"defaultStatus":"unaffected","product":"Red Hat Advanced Cluster Security 4","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_ai"],"defaultStatus":"unaffected","product":"Red Hat OpenShift AI (RHOAI)","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift:4"],"defaultStatus":"unaffected","product":"Red Hat OpenShift Container Platform 4","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_devspaces:3"],"defaultStatus":"unaffected","product":"Red Hat OpenShift Dev Spaces","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:windows_machine_config"],"defaultStatus":"unaffected","product":"Red Hat OpenShift for Windows Containers","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_gitops:1"],"defaultStatus":"unaffected","product":"Red Hat OpenShift GitOps","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:container_native_virtualization:4"],"defaultStatus":"unaffected","product":"Red Hat OpenShift Virtualization 4","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openstack:16.2"],"defaultStatus":"unaffected","product":"Red Hat OpenStack Platform 16.2","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openstack:17.1"],"defaultStatus":"unaffected","product":"Red Hat OpenStack Platform 17.1","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openstack:18.0"],"defaultStatus":"unaffected","product":"Red Hat OpenStack Platform 18.0","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:quay:3"],"defaultStatus":"unaffected","product":"Red Hat Quay 3","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:trusted_artifact_signer:1"],"defaultStatus":"unaffected","product":"Red Hat Trusted Artifact Signer","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_security_profiles_operator:1"],"defaultStatus":"unaffected","product":"Security Profiles Operator","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:zero_trust_workload_identity_manager:1"],"defaultStatus":"unaffected","product":"Zero Trust Workload Identity Manager","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:zero_trust_workload_identity_manager:0"],"defaultStatus":"unaffected","product":"Zero Trust Workload Identity Manager - Tech Preview","vendor":"Red Hat"}],"datePublic":"2026-03-04T16:14:32.045Z","descriptions":[{"lang":"en","value":"A flaw was found in Docker CLI for Windows. A low-privileged attacker can exploit this vulnerability by creating a specific directory, C:\\ProgramData\\Docker\\cli-plugins, which does not exist by default. By placing malicious plugin binaries in this directory, an attacker can achieve privilege escalation when a victim user opens Docker Desktop or uses Docker CLI plugin features, provided the Docker CLI is executed with elevated privileges."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.3,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-427","description":"Uncontrolled Search Path Element","lang":"en","type":"CWE"}]}],"references":[{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2025-15558"},{"name":"RHBZ#2444574","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2444574"},{"tags":["x_sadp-csaf-vex"],"url":"https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15558.json"}],"timeline":[{"lang":"en","time":"2026-03-04T17:01:09.062Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-03-04T16:14:32.045Z","value":"Made public."}],"title":"docker/cli: Docker CLI for Windows: Privilege escalation via malicious plugin binaries","x_adpType":"supplier","x_generator":{"engine":"sadp-cli 1.0.0"},"providerMetadata":{"orgId":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","shortName":"redhat-SADP","dateUpdated":"2026-06-30T12:07:21.534Z"}}]}}