Vulners
Lucene search
Docker Desktop 4.46.0 < 4.47.0 Container Escape
| Reporter | Title | Published | Views | Family All 9 |
|---|---|---|---|---|
 | CVE-2025-10657 | 29 Sep 202514:58 | – | circl |
 | Docker Desktop 安全漏洞 | 26 Sep 202500:00 | – | cnnvd |
 | CVE-2025-10657 | 26 Sep 202521:05 | – | cve |
 | CVE-2025-10657 Docker Desktop with ECI Fails to Enforce Socket Command Restrictions | 26 Sep 202521:05 | – | cvelist |
 | EUVD-2025-31391 | 3 Oct 202520:07 | – | euvd |
 | CVE-2025-10657 | 26 Sep 202521:15 | – | nvd |
 | PT-2025-39690 | 26 Sep 202500:00 | – | ptsecurity |
 | CVE-2025-10657 | 27 Sep 202521:32 | – | redhatcve |
 | CVE-2025-10657 Docker Desktop with ECI Fails to Enforce Socket Command Restrictions | 26 Sep 202521:05 | – | vulnrichment |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(269979);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2025/11/18");
script_cve_id("CVE-2025-10657");
script_xref(name:"IAVA", value:"2025-A-0724-S");
script_name(english:"Docker Desktop 4.46.0 < 4.47.0 Container Escape");
script_set_attribute(attribute:"synopsis", value:
"The remote host has an application installed that is affected by a container escape vulnerability.");
script_set_attribute(attribute:"description", value:
"The version of Docker Desktop is prior to 4.47.0. It is therefore affected by a container escape vulnerability.
In a hardened Docker environment, with Enhanced Container Isolation ( ECI https://docs.docker.com/enterprise/security/
hardened-desktop/enhanced-container-isolation/ ) enabled, an administrator can utilize the command restrictions feature
https://docs.docker.com/enterprise/security/hardened-desktop/enhanced-container-isolation/config/#command-restrictions
to restrict commands that a container with a Docker socket mount may issue on that socket. Due to a software bug, the
configuration to restrict commands was ignored when passed to ECI, allowing any command to be executed on the socket.
This grants excessive privileges by permitting unrestricted access to powerful Docker commands. The vulnerability
affects only Docker Desktop 4.46.0 users that have ECI enabled and are using the Docker socket command restrictions
feature. In addition, since ECI restricts mounting the Docker socket into containers by default, it only affects
containers which are explicitly allowed by the administrator to mount the Docker socket.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
# https://docs.docker.com/security/security-announcements/#docker-desktop-4443-security-update-CVE-2025-10657
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8a15d7ad");
script_set_attribute(attribute:"see_also", value:"https://docs.docker.com/desktop/release-notes/#4470");
script_set_attribute(attribute:"solution", value:
"Upgrade to Docker Desktop version 4.47.0 or later");
script_set_attribute(attribute:"agent", value:"all");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:M/C:C/I:C/A:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H");
script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-10657");
script_set_attribute(attribute:"vuln_publication_date", value:"2025/09/25");
script_set_attribute(attribute:"patch_publication_date", value:"2025/09/25");
script_set_attribute(attribute:"plugin_publication_date", value:"2025/10/10");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:docker:docker");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("docker_for_linux_installed.nbin", "docker_for_mac_installed.nbin", "docker_for_windows_installed.nbin");
script_require_ports("installed_sw/Docker Desktop", "installed_sw/Docker", "installed_sw/Docker for Windows");
exit(0);
}
include('vdf.inc');
# @tvdl-content
var vuln_data = {
"metadata": {"spec_version": "1.0"},
"checks": [
{
"product":{'name': "Docker for Windows", "type": "app"},
"check_algorithm": "default",
"requires": [
{"scope": "target", "match": {"os": "windows"}}
],
"constraints": [{"fixed_version":"4.47.0"}]
},
{
"product":{"name": "Docker", "type": "app"},
"check_algorithm": "default",
"requires": [
{"scope": "target", "match": {"os": "macos"}}
],
"constraints": [{"fixed_version":"4.47.0"}]
},
{
"product":{"name": "Docker Desktop", "type": "app"},
"check_algorithm": "default",
"requires": [
{"scope": "target", "match": {"os": "linux"}}
],
"constraints": [{"fixed_version":"4.47.0"}]
}
]
};
var result = vdf::check_and_report(vuln_data:vuln_data, severity:SECURITY_WARNING);
vdf::handle_check_and_report_errors(vdf_result:result);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
18 Nov 2025 00:00Current
5.6Medium risk
Vulners AI Score5.6
CVSS 48.7
EPSS0.00133
SSVC