{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-9164","assignerOrgId":"686469e6-3ff6-451b-ab8b-cf5b9e89401e","state":"PUBLISHED","assignerShortName":"Docker","dateReserved":"2025-08-19T13:19:17.483Z","datePublished":"2025-10-27T13:53:40.216Z","dateUpdated":"2026-02-26T16:57:05.419Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["Windows"],"product":"Docker Desktop","vendor":"Docker","versions":[{"lessThanOrEqual":"4.48.0","status":"affected","version":"0","versionType":"semver"}]}],"cpeApplicability":[{"nodes":[{"cpeMatch":[{"criteria":"cpe:2.3:a:docker:docker_desktop:*:*:windows:*:*:*:*:*","versionEndIncluding":"4.48.0","versionStartIncluding":"0","vulnerable":true}],"negate":false,"operator":"OR"}],"operator":"OR"}],"credits":[{"lang":"en","type":"finder","value":"Mahmoud NourEldin"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Docker Desktop Installer.exe is vulnerable to DLL hijacking due to insecure DLL search order. The installer searches for required DLLs in the user's Downloads folder before checking system directories, allowing local privilege escalation through malicious DLL placement.<p>This issue affects Docker Desktop: through 4.48.0.</p>"}],"value":"Docker Desktop Installer.exe is vulnerable to DLL hijacking due to insecure DLL search order. The installer searches for required DLLs in the user's Downloads folder before checking system directories, allowing local privilege escalation through malicious DLL placement.This issue affects Docker Desktop: through 4.48.0."}],"impacts":[{"capecId":"CAPEC-38","descriptions":[{"lang":"en","value":"CAPEC-38 Leveraging/Manipulating Configuration File Search Paths"}]},{"capecId":"CAPEC-471","descriptions":[{"lang":"en","value":"CAPEC-471 Search Order Hijacking"}]},{"capecId":"CAPEC-640","descriptions":[{"lang":"en","value":"CAPEC-640 Inclusion of Code in Existing Process"}]},{"capecId":"CAPEC-159","descriptions":[{"lang":"en","value":"CAPEC-159 Redirect Access to Libraries"}]}],"metrics":[{"cvssV4_0":{"Automatable":"YES","Recovery":"USER","Safety":"PRESENT","attackComplexity":"HIGH","attackRequirements":"PRESENT","attackVector":"LOCAL","baseScore":8.8,"baseSeverity":"HIGH","privilegesRequired":"LOW","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","userInteraction":"NONE","valueDensity":"CONCENTRATED","vectorString":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:Y/R:U/V:C","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-427","description":"CWE-427 Uncontrolled Search Path Element","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"686469e6-3ff6-451b-ab8b-cf5b9e89401e","shortName":"Docker","dateUpdated":"2025-10-27T13:55:28.201Z"},"references":[{"url":"https://docs.docker.com/desktop/release-notes/"}],"source":{"discovery":"UNKNOWN"},"title":"Multiple DLL Search Order Hijacking Vulnerabilities in Docker Desktop Installer for Windows","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2025-9164","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2025-10-28T03:56:03.322080Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-26T16:57:05.419Z"}}]}}