CVE-2025-9164
Multiple DLL Search Order Hijacking Vulnerabilities in Docker Desktop Installer for Windows
Docker Desktop Installer.exe is vulnerable to DLL hijacking due to insecure DLL search order. The installer searches for required DLLs in the user's Downloads folder before checking system directories, allowing local privilege escalation through malicious DLL placement.This issue affects Docker Desktop: through 4.48.0.
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:P/AU:Y/R:U/V:C
Affected products
Docker · Docker DesktopWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →