CVE-2025-9164

Docker Desktop <4.48.0 - Privilege Escalation

Description

Docker Desktop Installer.exe is vulnerable to DLL hijacking due to insecure DLL search order. The installer searches for required DLLs in the user's Downloads folder before checking system directories, allowing local privilege escalation through malicious DLL placement. This issue affects Docker Desktop: through 4.48.0.

Scores

EPSS 0.0003
EPSS Percentile 7.3%

Classification

CWE
CWE-427
Status draft

Timeline

Published Oct 27, 2025
Tracked Since Feb 18, 2026