| CVE ID | CVE-2025-14740 |
| CVSS SCORE | 6.7, AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
| AFFECTED VENDORS |
Docker |
| AFFECTED PRODUCTS |
Desktop |
| VULNERABILITY DETAILS |
This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop for Windows. User interaction on the part of an administrator is required to exploit this vulnerability. The specific flaw exists within the product installer. The issue results from incorrect permissions on a folder. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user. |
| ADDITIONAL DETAILS |
Fixed in version 4.57.0 |
| DISCLOSURE TIMELINE |
|
| CREDIT | Nitesh Surana (niteshsurana.com) and Amol Dosanjh of Trend Research |
