anonhaven
Ad

CVE-2025-15558

HIGH CVSS 4.0: 7.0 EPSS 0.02%
Updated Mar 04, 2026
GitHub
Parameter Value
CVSS 7.0 (HIGH)
Type CWE-427 (Uncontrolled Search Path Element)
Vendor GitHub
Public PoC No

Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries (docker-compose.exe, docker-buildx.exe, etc.) that are executed when a victim user opens Docker Desktop or invokes Docker CLI plugin features, and allow privilege-escalation if the docker CLI is executed as a privileged user. This issue affects Docker CLI: through 29.1.5 and Windows binaries acting as a CLI-plugin manager using the github.com/docker/cli/cli-plugins/manager https://pkg.go.dev/github.com/docker/cli@v29.1.5+incompatible/cli-plugins/manager  package, such as Docker Compose.

This issue does not impact non-Windows binaries, and projects not using the plugin-manager code.

Attack Parameters

Attack Vector
Local
Requires local access
Attack Complexity
Low
Easy to exploit
Attack Requirements
None
No additional conditions
Privileges Required
Low
Basic privileges needed
User Interaction
Passive
Minimal interaction

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
High
Complete data modification
Availability
High
Complete denial of service

CVSS Vector v4.0

Weakness Type (CWE)

CWE-427 Uncontrolled Search Path Element

References 3

https://docs.docker.com/desktop/release-notes/
security@docker.com
https://github.com/docker/cli/pull/6713
security@docker.com
https://www.zerodayinitiative.com/advisories/ZDI-CAN-28304/
security@docker.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-40316

GitHub

8.8

CVE-2026-5160

GitHub

5.1

CVE-2026-23653

GitHub

5.7

CVE-2026-40313

GitHub

9.1

CVE-2026-39382

GitHub

9.3