CVE-2025-15558

Severity: High (CVSS 4.0 base score 7.0) · EPSS 34.4%
Published Mar 4, 2026 · Last Modified Jun 17, 2026

Description

Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries (docker-compose.exe, docker-buildx.exe, etc.) there; they are executed when a victim user opens Docker Desktop or invokes Docker CLI plugin features, which allows privilege escalation if the docker CLI is executed as a privileged user. This issue affects Docker CLI through 29.1.5, and Windows binaries that act as a CLI-plugin manager using the github.com/docker/cli/cli-plugins/manager package (https://pkg.go.dev/github.com/docker/cli@v29.1.5+incompatible/cli-plugins/manager), such as Docker Compose. This issue does not affect non-Windows binaries or projects that do not use the plugin-manager code.

CVSS Details

Base Score 7.0
Vector string
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:X/RE:X/U:X
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction Passive (P)
Scope Not defined (X)

Threat Intelligence

EPSS Exploit Probability
34.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-427 (Uncontrolled Search Path Element)

Affected Products 2

Vendor     Product                  Version  Range
docker     command_line_interface   *        ≤29.1.5
microsoft  windows                  *        any

References 3

  • docs.docker.com https://docs.docker.com/desktop/release-notes/
    Release Notes
  • github.com https://github.com/docker/cli/pull/6713
    Issue Tracking, Patch
  • zerodayinitiative.com https://www.zerodayinitiative.com/advisories/ZDI-CAN-28304/
    Not Applicable

Remediation

  • github.com https://github.com/docker/cli/pull/6713
    Issue Tracking, Patch