Forwarded by Taiwan Computer Network Crisis Management and Coordination Center (TWCERTCC-200-202508-00000015)
[Description]
Docker Desktop for Windows is a container management tool that runs on Windows systems and simplifies application deployment and management through container technology. Docker has released an updated version that fixes a critical security vulnerability (CVE-2025-9074, CVSS 4.x: 9.3). This vulnerability, a Server-Side Request Forgery (SSRF) vulnerability, allows attackers to exploit the API to execute various privileged commands, including controlling other containers and managing images. Furthermore, this vulnerability allows attackers to mount host drives with the same permissions as the user running Docker Desktop.
[Affected Platforms]
Docker Desktop versions prior to (not including) 4.44.3
[Recommended Action]
Update to Docker Desktop version 4.44.3 or later.
[References]
1. https://docs.docker.com/desktop/release-notes/#4443
2. https://nvd.nist.gov/vuln/detail/CVE-2025-9074
[Security Vulnerability Alert] Docker for Windows has an SSRF vulnerability (CVE-2025-9074)
Type: Administrative Announcement
Publish Date: 2025/08/27 to 2026/02/27