anonhaven
Ad

CVE-2025-15558

HIGH CVSS 4.0: 7.0 EPSS 0.01%
Updated Mar 04, 2026
GitHub
Parameter Value
CVSS 7.0 (HIGH)
Type CWE-427 (Uncontrolled Search Path Element (Неконтролируемый путь поиска))
Vendor GitHub
Public PoC No

Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries (docker-compose.exe, docker-buildx.exe, etc.) that are executed when a victim user opens Docker Desktop or invokes Docker CLI plugin features, and allow privilege-escalation if the docker CLI is executed as a privileged user. This issue affects Docker CLI: through 29.1.5 and Windows binaries acting as a CLI-plugin manager using the github.com/docker/cli/cli-plugins/manager https://pkg.go.dev/github.com/docker/cli@v29.1.5+incompatible/cli-plugins/manager  package, such as Docker Compose.

This issue does not impact non-Windows binaries, and projects not using the plugin-manager code.

Attack Parameters

Attack Vector
Local
Нужен локальный доступ
Attack Complexity
Low
Легко эксплуатировать
Attack Requirements
None
Нет дополнительных условий
Privileges Required
Low
Нужны базовые права
User Interaction
Passive
Минимальное взаимодействие

Impact Assessment

Confidentiality
High
Полная утечка данных
Integrity
High
Полная модификация данных
Availability
High
Полный отказ в обслуживании

CVSS Vector v4.0

Weakness Type (CWE)

CWE-427 Uncontrolled Search Path Element (Неконтролируемый путь поиска)

References 3

https://docs.docker.com/desktop/release-notes/
security@docker.com
https://github.com/docker/cli/pull/6713
security@docker.com
https://www.zerodayinitiative.com/advisories/ZDI-CAN-28304/
security@docker.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-29783

GitHub

7.5

CVE-2026-23233

GitHub

None

CVE-2026-3286

GitHub

5.3

CVE-2026-27943

GitHub

6.5

CVE-2026-27701

GitHub

8.8