| Reporter | Title | Published | Views | Family All 470 |
|---|---|---|---|---|
| Security Bulletin: IBM Planning Analytics Cartridge has addressed a security vulnerability in Docker CLI (CVE-2025-15558) | 13 Apr 202618:45 | – | ibm | |
| Security Bulletin: Multiple vulnerabilities affect Data Virtualization on IBM Software Hub (April 2026 - Part 1 of 2) | 1 May 202605:38 | – | ibm | |
| Security Bulletin: Multiple Vulnerabilities in watsonx.data | 22 Jun 202614:32 | – | ibm | |
| CVE-2025-15558 vulnerabilities | 6 Mar 202613:39 | – | cgr | |
| CVE-2025-15558 | 5 Mar 202607:40 | – | circl | |
| Docker CLI 安全漏洞 | 4 Mar 202600:00 | – | cnnvd | |
| CVE-2025-15558 | 4 Mar 202616:14 | – | cve | |
| CVE-2025-15558 Docker Desktop Docker Plugins Uncontrolled Search Path Element Local Privilege Escalation Vulnerability | 4 Mar 202616:14 | – | cvelist | |
| EUVD-2025-208275 | 5 Mar 202600:10 | – | euvd | |
| Docker CLI Plugins: Uncontrolled Search Path Element Leads to Local Privilege Escalation on Windows | 5 Mar 202600:10 | – | github |
| Source | Link |
|---|---|
| nessus | www.nessus.org/u |
| github | www.github.com/docker/cli/pull/6713 |
| docs | www.docs.docker.com/desktop/release-notes/ |
| zerodayinitiative | www.zerodayinitiative.com/advisories/ZDI-CAN-28304/ |
| cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(301978);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/04/30");
script_cve_id("CVE-2025-15558");
script_xref(name:"IAVA", value:"2026-A-0210-S");
script_name(english:"Docker Desktop < 4.64.0 CLI Plugin Directory Privilege Escalation (CVE-2025-15558)");
script_set_attribute(attribute:"synopsis", value:
"The remote Windows host has an application installed that is affected by a privilege escalation vulnerability.");
script_set_attribute(attribute:"description", value:
"The version of Docker Desktop for Windows installed on the remote host is 4.34.x < 4.64.0. It is, therefore, affected
by a privilege escalation vulnerability.
- Docker CLI for Windows searches for plugin binaries in
C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create
this directory and place malicious CLI plugin binaries (docker-compose.exe, docker-buildx.exe, etc.) that are executed
when a victim user opens Docker Desktop or invokes Docker CLI plugin features, allowing privilege escalation if the
docker CLI is executed as a privileged user.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
# https://github.com/docker/cli/security/advisories/GHSA-p436-gjf2-799p
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a7564223");
script_set_attribute(attribute:"see_also", value:"https://github.com/docker/cli/pull/6713");
script_set_attribute(attribute:"see_also", value:"https://docs.docker.com/desktop/release-notes/#4640");
script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-CAN-28304/");
script_set_attribute(attribute:"solution", value:
"Upgrade to Docker Desktop version 4.64.0 or later.");
script_set_attribute(attribute:"agent", value:"windows");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N");
script_set_attribute(attribute:"cvss4_supplemental", value:"CVSS:4.0/AU:N/R:U");
script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:U");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-15558");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2026/03/11");
script_set_attribute(attribute:"patch_publication_date", value:"2026/03/11");
script_set_attribute(attribute:"plugin_publication_date", value:"2026/03/12");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:docker:docker");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("docker_for_windows_installed.nbin");
script_require_keys("installed_sw/Docker for Windows", "SMB/Registry/Enumerated");
exit(0);
}
include('vdf.inc');
# Min and Fix versions are obtained from the docker desktop release showing when the affected version of docker compose were
# introduced and then patched in docker desktop.
# @tvdl-content
var vuln_data = {
"metadata": {"spec_version": "1.0"},
"checks": [
{
"product": {"name": "Docker for Windows", "type": "app"},
"check_algorithm": "default",
"requires": [
{"scope": "target", "match": {"os": "windows"}}
],
"constraints": [{"min_version": "4.37", "fixed_version": "4.64.0"}]
}
]
};
var result = vdf::check_and_report(vuln_data:vuln_data, severity:SECURITY_HOLE);
vdf::handle_check_and_report_errors(vdf_result:result);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation