CVE-2022-25365

7.8 HIGH

📋 TL;DR

This vulnerability in Docker Desktop for Windows allows attackers to move arbitrary files on the host system. It affects Docker Desktop versions before 4.5.1 on Windows and exists due to an incomplete fix for CVE-2022-23774.

💻 Affected Systems

Products:
  • Docker Desktop
Versions: All versions before 4.5.1
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: This vulnerability specifically affects Docker Desktop on Windows due to incomplete fix for CVE-2022-23774.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could move critical system files, potentially causing system instability, data loss, or enabling privilege escalation.

🟠 Likely Case

Malicious actors could move configuration files, logs, or application data to disrupt operations or hide evidence of compromise.

🟢 If Mitigated

With proper access controls and monitoring, impact would be limited to non-critical file movements that can be detected and reversed.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires some level of access to the Docker environment. The vulnerability allows file movement but not arbitrary file creation or deletion.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.5.1

Vendor Advisory: https://docs.docker.com/desktop/windows/release-notes/

Restart Required: Yes

Instructions:

1. Open Docker Desktop.
2. Click the Docker icon in the system tray.
3. Select 'Check for Updates'.
4. If the update to 4.5.1 is available, click 'Update and Restart'.
5. Alternatively, download and install Docker Desktop 4.5.1 from the Docker website.

🔧 Temporary Workarounds

Restrict Docker Desktop Access (windows)

Limit user access to Docker Desktop to only authorized administrators.

Disable Docker Desktop if Not Required (windows)

Stop the Docker Desktop service if Docker functionality is not actively needed (run from an elevated PowerShell prompt, since stopping a system service requires administrator rights):

Stop-Service -Name 'com.docker.service'

🧯 If You Can't Patch

  • Implement strict file integrity monitoring on critical system directories
  • Restrict Docker Desktop access to administrators only and monitor for suspicious file operations

🔍 How to Verify

Check if Vulnerable:

Check Docker Desktop version in Settings > About Docker Desktop

Check Version:

docker version --format '{{.Client.Version}}'

Note that this command prints the version of the Docker CLI bundled with the install, not the Docker Desktop version itself; the Docker Desktop version is the one shown under Settings > About Docker Desktop and is what must be compared against 4.5.1.

Verify Fix Applied:

Verify version is 4.5.1 or later in Docker Desktop settings
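The following PowerShell script is an added example for scripting this check across Windows hosts; it is not part of the advisory or of Docker's own tooling. It assumes Docker Desktop registers an uninstall entry under the registry key named in the script with a `DisplayVersion` value such as "4.5.1"; both the key path and the value name are assumptions to adjust if your install differs.

```powershell
# Added example (not from the advisory). Compares the installed Docker Desktop
# version against the fixed version 4.5.1 for CVE-2022-25365.
$FixedVersion = [version]'4.5.1'
# Assumed location of Docker Desktop's uninstall entry; adjust if it differs on your hosts.
$UninstallKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Docker Desktop'

function Test-DockerDesktopVulnerable {
    param([Parameter(Mandatory)][string]$InstalledVersion)
    # Cast to [version] so that 4.10.0 compares greater than 4.5.1.
    # A plain string comparison gets this wrong: '4.10.0' -lt '4.5.1' is $true.
    # Keep only the leading dotted-numeric part, dropping suffixes like " (74721)".
    $numeric = ($InstalledVersion -split '[^\d.]')[0]
    $v = [version]$numeric
    return ($v -lt $FixedVersion)
}

function Get-DockerDesktopVersion {
    # Reading HKLM does not require elevation.
    $entry = Get-ItemProperty -Path $UninstallKey -ErrorAction SilentlyContinue
    if ($null -eq $entry -or -not $entry.DisplayVersion) {
        return $null   # Docker Desktop not found at the assumed registry location
    }
    return [string]$entry.DisplayVersion
}

$installed = Get-DockerDesktopVersion
if ($null -eq $installed) {
    Write-Output 'Docker Desktop not found via the uninstall registry key; check Settings > About Docker Desktop.'
} elseif (Test-DockerDesktopVulnerable -InstalledVersion $installed) {
    Write-Output "Docker Desktop $installed is affected by CVE-2022-25365; update to $FixedVersion or later."
} else {
    Write-Output "Docker Desktop $installed is at or above $FixedVersion (not affected)."
}
```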

📡 Detection & Monitoring

Log Indicators:

  • Unexpected file move operations in Docker logs
  • Suspicious file system events from Docker processes

Network Indicators:

  • Unusual Docker API calls related to file operations

SIEM Query (illustrative pseudo-query; map the source, event and user field names to your own log schema before use):

source="docker" AND (event="file_move" OR event="rename") AND NOT user="authorized_user"
