CVE-2025-9164

216.73.217.22

· Published 27/10/2025 14:15 · Modified 27/10/2025 14:15

Labels: CVE-2025-9164 2025-10-27 CVE-2025-9164 CWE-427 [email protected]

Essential information

Published: 27/10/2025 14:15
Modified: 27/10/2025 14:15
Author: —
Creator: —
CVSS: 8.8 HIGH (v3) 8.8 HIGH (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

Docker Desktop Installer.exe is vulnerable to DLL hijacking due to insecure DLL search order. The installer searches for required DLLs in the user's Downloads folder before checking system directories, allowing local privilege escalation through malicious DLL placement.This issue affects Docker Desktop: through 4.48.0.

NVD status

Status: Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
docker / docker desktop	`cpe:2.3:a:docker:docker_desktop:4.48.0:::::::*`
docker / docker desktop	`cpe:2.3:a:docker:docker_desktop:<4.48.0:::::::*`