Vulnerability Description
Docker Desktop Installer.exe is vulnerable to DLL hijacking due to insecure DLL search order. The installer searches for required DLLs in the user's Downloads folder before checking system directories, allowing local privilege escalation through malicious DLL placement. This issue affects Docker Desktop through 4.48.0.
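A defender-side check that follows from the description, added here as an example (it is not code from Docker or from the advisory): before the installer is run, list every DLL in the folder that holds it, with its Authenticode status and whether it shares a name with a DLL in System32. The default installer path and the `InstallerPath` parameter name are assumptions.

```powershell
# Added example: pre-run audit of the folder that holds the installer.
# Assumption: the installer was saved to the current user's Downloads folder.
param(
    [string]$InstallerPath = (Join-Path $env:USERPROFILE 'Downloads\Docker Desktop Installer.exe')
)

$installer = Get-Item -LiteralPath $InstallerPath -ErrorAction Stop
$folder    = $installer.DirectoryName

# Confirm the installer itself carries a valid signature before looking further.
$installerSig = Get-AuthenticodeSignature -LiteralPath $installer.FullName
Write-Host "Installer signature: $($installerSig.Status)"

# Any DLL beside the installer can be picked up ahead of the system copy,
# so every one of them has to be accounted for. -Force includes hidden files.
$dlls = Get-ChildItem -LiteralPath $folder -Filter '*.dll' -File -Force

$report = foreach ($dll in $dlls) {
    $sig = Get-AuthenticodeSignature -LiteralPath $dll.FullName
    [pscustomobject]@{
        Name             = $dll.Name
        LastWriteTime    = $dll.LastWriteTime
        SignatureStatus  = $sig.Status
        Signer           = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        # A same-named file in System32 means this copy would shadow a system DLL.
        ShadowsSystemDll = Test-Path -LiteralPath (Join-Path $env:SystemRoot "System32\$($dll.Name)")
    }
}

if ($report) {
    $report | Sort-Object ShadowsSystemDll -Descending | Format-Table -AutoSize
    Write-Warning "$(@($report).Count) DLL(s) found beside the installer in $folder"
    exit 1
}

Write-Host "No DLLs found beside the installer in $folder"
exit 0
```

A non-zero exit code means the folder contains DLLs that should be reviewed before the installer is launched from it.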
Related Weaknesses (CWE)
References
FAQ
What is CVE-2025-9164?
CVE-2025-9164 is a documented vulnerability. Docker Desktop Installer.exe is vulnerable to DLL hijacking due to insecure DLL search order. The installer searches for required DLLs in the user's Downloads folder before checking system directories...
How severe is CVE-2025-9164?
CVSS scoring is not yet available for CVE-2025-9164. Check NVD for updates.
Is there a patch for CVE-2025-9164?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.