Docker Desktop 4.35.0 for Windows

CPE Details

Docker Desktop 4.35.0 for Windows
docker
desktop
4.35.0
2025-05-07
11h45 +00:00
2025-05-07
11h45 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:docker:desktop:4.35.0:*:*:*:*:windows:*:*

Informations

Vendor

docker

Product

desktop

Version

4.35.0

Target Software

windows

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2025-3224 2025-04-28 19h21 +00:00 A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-privileged attacker to escalate privileges to SYSTEM. During an update, Docker Desktop attempts to delete files and subdirectories under the path C:\ProgramData\Docker\config with high privileges. However, this directory often does not exist by default, and C:\ProgramData\ allows normal users to create new directories. By creating a malicious Docker\config folder structure at this location, an attacker can force the privileged update process to delete or manipulate arbitrary system files, leading to Elevation of Privilege.
7.3
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.