Docker has patched a critical hole in Docker Desktop that let a container break out and take control of the host machine with laughable ease.

The bug, tracked as CVE-2025-9074 and scoring 9.3 on the CVSS scale, left Docker's internal Engine API wide open on "192.168.65.7:2375." Any container could talk to it without authentication, which meant mounting drives and messing with system files was only a couple of HTTP requests away. On Windows, where Docker Desktop leans on WSL2, that translates into full read-write access to the C: drive and a clear path to administrator rights.
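As an added example (not code from the article or from Docker), a small audit script a defender can run inside a container to check whether the Engine API address named above answers without authentication. The address comes from the article; the response handling assumes the Engine API's standard `GET /version` endpoint, which returns JSON containing an `ApiVersion` field.

```python
import json
import urllib.error
import urllib.request

# Address of Docker Desktop's internal Engine API as reported in the advisory text.
ENGINE_API = "http://192.168.65.7:2375"


def classify(status, body):
    """Interpret the result of GET /version against the Engine API.

    status: HTTP status code, or None when no connection could be made
    body:   response body as str (ignored when status is None)
    Returns 'unreachable', 'exposed', 'denied' or 'unexpected'.
    """
    if status is None:
        return "unreachable"          # desired state: refused, no route or timeout
    if status == 200:
        try:
            info = json.loads(body)
        except ValueError:
            return "unexpected"
        # Only the Engine API answers /version with an ApiVersion field;
        # any other 200 on that port is some unrelated service.
        return "exposed" if isinstance(info, dict) and "ApiVersion" in info else "unexpected"
    if status in (401, 403):
        return "denied"               # reachable, but authentication is enforced
    return "unexpected"


def probe(base_url=ENGINE_API, timeout=2.0):
    """Issue GET /version from inside the container and classify the answer."""
    req = urllib.request.Request(base_url + "/version", method="GET")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify(resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as e:
        return classify(e.code, "")
    except OSError:                   # URLError and socket timeouts are OSError subclasses
        return classify(None, "")


if __name__ == "__main__":
    verdict = probe()
    print(f"Engine API at {ENGINE_API}: {verdict}")
    if verdict == "exposed":
        print("Unauthenticated Engine API reachable from this container: "
              "patch Docker Desktop before running untrusted images.")
```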

On Windows, by contrast, nothing stops a hostile container from mounting the system drive.

"A malicious container running on Docker Desktop could access the Docker Engine and launch additional containers without requirin
