CVE-2025-14740
Incorrect Permission Assignment in Docker Desktop Installer Enables Code Execution
Publication date: 2026-02-04
Last updated on: 2026-02-04
Assigner: Docker Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| docker | docker_desktop | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-732 | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Docker Desktop for Windows and stems from incorrect permission assignment in the installer's handling of the C:\ProgramData\DockerDesktop directory.
There are two exploitation scenarios:
- Scenario 1 (persistent attack): If a low-privileged attacker creates the directory before installation, they remain its owner even after the installer applies restrictive permissions. On Windows the owner of an object is implicitly granted READ_CONTROL and WRITE_DAC, so the attacker can rewrite the DACL at will and modify critical configuration files to execute arbitrary code when Docker Desktop runs.
- Scenario 2 (TOCTOU attack): During installation there is a race window between creation of the directory and the setting of secure permissions. An attacker who watches for this window can plant files with attacker-controlled permissions, again leading to arbitrary code execution.
How can this vulnerability impact me?
It can lead to arbitrary code execution with the privileges of whichever user runs Docker Desktop.
By tampering with critical configuration files an attacker can run malicious code, compromising the integrity, confidentiality and availability of the system.
Because the attacker either retains ownership of the directory or wins a race during installation, the foothold survives ACL repairs that do not also change ownership, and can be used for unauthorized access, data manipulation or disruption of Docker Desktop operations.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability concerns ownership and ACLs on the C:\ProgramData\DockerDesktop directory. Detection means checking who owns the directory and whether any ACL entry lets a low-privileged principal write to it.
Suggested commands on a Windows system:
- Check the owner with PowerShell: `Get-Acl -Path 'C:\ProgramData\DockerDesktop' | Select-Object Owner`. Anything other than NT AUTHORITY\SYSTEM or BUILTIN\Administrators deserves investigation, because the owner can always rewrite the DACL regardless of what it currently says.
- List the ACL with icacls: `icacls "C:\ProgramData\DockerDesktop"`. Look for entries granting F, M, W or individual write rights (WD, AD, WEA, WA, D, DC, WDAC, WO) to BUILTIN\Users, Authenticated Users, Everyone or a specific standard user; (OI)(CI) on such an entry means files created inside inherit it.
- Treat an unexpected owner or any such write grant as a sign the directory was pre-created or tampered with, and run the same checks on install-settings.json inside the directory.
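The checks above, combined into one audit script. This is an added example and not code from the advisory or from Docker; it assumes the directory path, the list of trusted principals (SYSTEM and Administrators), and the set of rights it treats as "write".

```powershell
# Added example, not code from the advisory: audit C:\ProgramData\DockerDesktop
# and install-settings.json inside it for the CWE-732 condition described above.
# Assumed: the directory path, the trusted-principal SID list and the set of
# rights treated as "write".
$Path = 'C:\ProgramData\DockerDesktop'

# Principals that may legitimately own the directory or write to it.
$TrustedSids = @('S-1-5-18', 'S-1-5-32-544')            # SYSTEM, BUILTIN\Administrators
# Groups every interactive user belongs to; write access for these is the worst case.
$BroadSids   = @('S-1-1-0', 'S-1-5-11', 'S-1-5-32-545')  # Everyone, Authenticated Users, Users

# Rights that let a principal change content, delete, or rewrite the DACL/owner.
$Fsr = [System.Security.AccessControl.FileSystemRights]
$WriteMask = [int]($Fsr::WriteData -bor $Fsr::AppendData -bor $Fsr::WriteAttributes -bor
                   $Fsr::WriteExtendedAttributes -bor $Fsr::Delete -bor
                   $Fsr::DeleteSubdirectoriesAndFiles -bor $Fsr::ChangePermissions -bor
                   $Fsr::TakeOwnership)
# GENERIC_WRITE and GENERIC_ALL, which show up un-mapped on inherit-only ACEs such as CREATOR OWNER.
$WriteMask = $WriteMask -bor 0x40000000 -bor 0x10000000

function Get-SidString([System.Security.Principal.IdentityReference]$Id) {
    try   { $Id.Translate([System.Security.Principal.SecurityIdentifier]).Value }
    catch { $Id.Value }   # unresolvable account: keep the raw string
}

function Test-DockerDesktopAcl {
    param([Parameter(Mandatory)][string]$Target)
    $acl      = Get-Acl -LiteralPath $Target
    $ownerSid = $acl.GetOwner([System.Security.Principal.SecurityIdentifier]).Value
    $findings = New-Object System.Collections.Generic.List[string]

    # Scenario 1: a pre-created directory keeps its creator as owner. Windows grants the
    # owner READ_CONTROL and WRITE_DAC implicitly, so a non-admin owner can rewrite the
    # DACL no matter how restrictive the installer made it.
    if ($ownerSid -notin $TrustedSids) {
        $findings.Add("owner is $($acl.Owner) ($ownerSid), not SYSTEM or Administrators")
    }

    # Any Allow ACE giving a non-trusted principal write-class rights.
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne [System.Security.AccessControl.AccessControlType]::Allow) { continue }
        $sid = Get-SidString $ace.IdentityReference
        if ($sid -in $TrustedSids) { continue }
        if (([int]$ace.FileSystemRights -band $WriteMask) -eq 0) { continue }
        $who = if ($sid -in $BroadSids) { 'broad group' } else { 'non-admin principal' }
        $how = if ($ace.IsInherited) { 'inherited' } else { 'explicit' }
        # Inherit-only ACEs do not apply to this object, only to items created inside it.
        if ([int]($ace.PropagationFlags -band [System.Security.AccessControl.PropagationFlags]::InheritOnly) -ne 0) {
            $how += ', inherit-only (applies to new children)'
        }
        $findings.Add("$who $($ace.IdentityReference) ($sid) has $($ace.FileSystemRights) [$how]")
    }
    [pscustomobject]@{ Path = $Target; Owner = $acl.Owner; Findings = $findings.ToArray() }
}

if (-not (Test-Path -LiteralPath $Path)) {
    "INFO  $Path does not exist (Docker Desktop not installed, or directory not yet created)"
} else {
    $targets  = @($Path)
    $settings = Join-Path $Path 'install-settings.json'     # the file named in the advisory text
    if (Test-Path -LiteralPath $settings) { $targets += $settings }
    foreach ($t in $targets) {
        $r = Test-DockerDesktopAcl -Target $t
        if ($r.Findings.Count -eq 0) {
            "OK    $($r.Path)  owner=$($r.Owner)"
        } else {
            "WARN  $($r.Path)  owner=$($r.Owner)"
            $r.Findings | ForEach-Object { "      - $_" }
        }
    }
}
```

Two caveats when reading the output. On a default Windows install the parent C:\ProgramData grants BUILTIN\Users (CI)(WD,AD,WEA,WA), which is exactly what lets a standard user create the subdirectory in the first place; a freshly created subdirectory inherits those entries, so "inherited" Users write findings mean the DACL was never replaced. And because the script flags every non-admin write grant, compare its output against a clean installation of a fixed Docker Desktop before treating a finding as tampering.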
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation is to make sure the C:\ProgramData\DockerDesktop directory is not pre-created by a low-privileged user before installation, and to verify ownership and ACLs after installation.
Specifically:
- Before installing Docker Desktop, check for an existing C:\ProgramData\DockerDesktop directory. If it is owned by anything other than SYSTEM or Administrators, take ownership as an administrator and remove it rather than letting the installer adopt it.
- After installation, verify ownership and permissions. If the owner is wrong, change the owner first (takeown or an equivalent) and only then reset the DACL; fixing ACEs while the attacker remains owner achieves nothing, because the owner can restore them.
- Monitor critical configuration files such as install-settings.json in this directory for unauthorized changes, for example with a hash baseline.
- Apply Docker's patch for this vulnerability as soon as it is available; the steps above limit exposure but do not close the race window inside the installer itself.
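The pre-install check, the post-install ownership and DACL repair, and a hash baseline for the configuration files, as one script. This is an added example, not Docker's code and not part of the advisory. It assumes the directory path, a target ACL layout of SYSTEM and Administrators with full control and Users with read and execute, that the files worth baselining are the *.json files under the directory, and the baseline file location; confirm the layout against a clean installation of a fixed version before enforcing it, since Docker Desktop may legitimately need other grants here.

```powershell
# Added example, not Docker's code: the pre-install check, the post-install
# ownership and DACL repair, and a hash baseline for the configuration files,
# following the steps above. Assumed: the directory path, the target ACL layout
# (SYSTEM and Administrators full control, Users read and execute), that the
# files worth baselining are the *.json files under the directory, and the
# baseline file location. Run from an elevated PowerShell.
#Requires -RunAsAdministrator
$Path        = 'C:\ProgramData\DockerDesktop'
$TrustedSids = @('S-1-5-18', 'S-1-5-32-544')   # SYSTEM, BUILTIN\Administrators
# Standard users cannot write under Program Files, so the baseline itself is protected.
$BaselineFile = Join-Path $env:ProgramFiles 'DockerDesktop-config-baseline.json'

function Get-OwnerSid([string]$Item) {
    (Get-Acl -LiteralPath $Item).GetOwner([System.Security.Principal.SecurityIdentifier]).Value
}

# Step 1, before the installer runs: a directory that already exists and is not owned
# by SYSTEM or Administrators was planted. Take ownership (takeown.exe uses the
# take-ownership privilege, which a hostile DACL cannot block), reset the DACL, delete.
function Remove-PreCreatedDirectory {
    if (-not (Test-Path -LiteralPath $Path)) { return 'absent, safe to install' }
    $owner = Get-OwnerSid $Path
    if ($owner -in $TrustedSids) { return "present, owner $owner is trusted; inspect before reuse" }
    & takeown.exe /F $Path /A /R /D Y | Out-Null   # /D answer is locale-specific (Y on English Windows)
    & icacls.exe $Path /reset /T /C | Out-Null     # inherited defaults only; we delete right after
    Remove-Item -LiteralPath $Path -Recurse -Force
    return "removed directory pre-created by $owner"
}

function New-Rule([string]$Sid, [System.Security.AccessControl.FileSystemRights]$Rights, [bool]$IsDir) {
    $id = New-Object System.Security.Principal.SecurityIdentifier $Sid
    # Files cannot carry inheritance flags; directories propagate to new children.
    $inherit = [System.Security.AccessControl.InheritanceFlags]::None
    if ($IsDir) { $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit' }
    New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList @(
        $id, $Rights, $inherit,
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AccessControlType]::Allow)
}

# Step 2, after installation: change the owner first (while the attacker is owner they
# keep WRITE_DAC, so ACE fixes alone would be undone), then replace the DACL on every
# item with the assumed layout and stop inheriting ProgramData's permissive Users ACEs.
function Repair-DockerDesktopAcl {
    & takeown.exe /F $Path /A /R /D Y | Out-Null
    $items = @(Get-Item -LiteralPath $Path) + @(Get-ChildItem -LiteralPath $Path -Recurse -Force)
    foreach ($item in $items) {
        $isDir = $item.PSIsContainer
        $acl   = Get-Acl -LiteralPath $item.FullName
        $acl.SetAccessRuleProtection($true, $false)                         # drop inherited ACEs
        foreach ($ace in @($acl.Access)) { $acl.RemoveAccessRuleAll($ace) } # drop explicit ACEs
        $acl.AddAccessRule((New-Rule 'S-1-5-18'     'FullControl'    $isDir))
        $acl.AddAccessRule((New-Rule 'S-1-5-32-544' 'FullControl'    $isDir))
        $acl.AddAccessRule((New-Rule 'S-1-5-32-545' 'ReadAndExecute' $isDir))
        Set-Acl -LiteralPath $item.FullName -AclObject $acl
    }
    return $items.Count
}

# Step 3: SHA-256 baseline of the configuration files, so later tampering (or a file
# dropped during the install race) becomes visible on the next check.
function Save-ConfigBaseline {
    $files   = @(Get-ChildItem -LiteralPath $Path -Recurse -File -Filter '*.json')
    $records = foreach ($f in $files) {
        [pscustomobject]@{ FullName = $f.FullName; Sha256 = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash }
    }
    ConvertTo-Json -InputObject @($records) | Set-Content -LiteralPath $BaselineFile
    return $files.Count
}

function Test-ConfigBaseline {
    $base    = @(Get-Content -LiteralPath $BaselineFile -Raw | ConvertFrom-Json)
    $changed = New-Object System.Collections.Generic.List[string]
    foreach ($b in $base) {
        if (-not (Test-Path -LiteralPath $b.FullName)) { $changed.Add("$($b.FullName): missing"); continue }
        $h = (Get-FileHash -LiteralPath $b.FullName -Algorithm SHA256).Hash
        if ($h -ne $b.Sha256) { $changed.Add("$($b.FullName): modified") }
    }
    $known = @($base | ForEach-Object FullName)
    Get-ChildItem -LiteralPath $Path -Recurse -File -Filter '*.json' |
        Where-Object { $_.FullName -notin $known } |
        ForEach-Object { $changed.Add("$($_.FullName): new file") }
    return $changed.ToArray()
}

# Usage: pre-install before running the installer; repair, then baseline, after it;
# check on a schedule (for example a scheduled task running as SYSTEM).
switch ($args[0]) {
    'pre-install' { Remove-PreCreatedDirectory }
    'repair'      { 'rewrote ACL on {0} items' -f (Repair-DockerDesktopAcl) }
    'baseline'    { 'hashed {0} files into {1}' -f (Save-ConfigBaseline), $BaselineFile }
    'check'       { $d = Test-ConfigBaseline; if ($d.Count -eq 0) { 'no changes' } else { $d } }
    default       { 'usage: <script> pre-install | repair | baseline | check' }
}
```

The ordering inside Repair-DockerDesktopAcl is the point: takeown.exe runs before any ACL edit, because an owner keeps WRITE_DAC whatever the DACL says, and SetAccessRuleProtection with preserveInheritance set to false cuts the link to the parent so that ProgramData's Users entries can no longer flow back in.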