Privilege escalation in Docker Desktop

CVE-2025-3224

A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-privileged attacker to escalate privileges to SYSTEM. During an update, Docker Desktop attempts to delete files and subdi…

Vulnerability class: Privilege Escalation

EPSS: 0.000 (10.8th percentile)

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2025-3224?
CVE-2025-3224 is a vulnerability in Docker Desktop, classified under Improper Privilege Management. Published 2025-04-28.
Is CVE-2025-3224 known to be exploited?
1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.