CVE-2025-15558 Overview
CVE-2025-15558 affects the Docker CLI for Windows, which searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and drop malicious plugin binaries such as docker-compose.exe or docker-buildx.exe. These binaries execute when a victim opens Docker Desktop or invokes Docker CLI plugin features. The flaw maps to CWE-427 (Uncontrolled Search Path Element) and enables privilege escalation when the Docker CLI runs under a privileged account. Docker CLI versions through 29.1.5 are affected, along with Windows binaries that use the github.com/docker/cli/cli-plugins/manager package.
Critical Impact
A local low-privileged user can achieve code execution as a privileged user when an administrator invokes Docker CLI plugin functionality on the same host.
Affected Products
- Docker CLI versions through 29.1.5 on Windows
- Docker Desktop for Windows using the affected CLI
- Third-party Windows binaries embedding the github.com/docker/cli/cli-plugins/manager package (including Docker Compose)
Discovery Timeline
- 2026-03-04 - CVE-2025-15558 published to NVD
- 2026-03-09 - Last updated in NVD database
- Tracked by Zero Day Initiative as ZDI-CAN-28304
Technical Details for CVE-2025-15558
Vulnerability Analysis
The Docker CLI plugin manager on Windows resolves plugin executables by scanning fixed directories, including C:\ProgramData\Docker\cli-plugins. Docker installations do not create this directory by default. Because C:\ProgramData permits standard users to create subdirectories, any low-privileged user can populate the missing path with attacker-controlled binaries. Once present, the plugin manager treats these executables as legitimate plugins.
Execution occurs whenever a user launches Docker Desktop or runs a Docker CLI command that triggers plugin discovery, such as docker compose or docker buildx. If an administrator runs the CLI, the planted binary executes with administrative privileges, producing local privilege escalation.
Root Cause
The vulnerability stems from an uncontrolled search path element. The plugin manager trusts a writable directory under C:\ProgramData without verifying directory ownership, ACLs, or signed binaries. The absence of the directory at install time allows a non-privileged attacker to win the creation race and define the directory's discretionary access control list.
Attack Vector
The attack requires local access and minimal privileges. An attacker executes a single mkdir-style operation to create C:\ProgramData\Docker\cli-plugins and then writes malicious plugin executables named after expected Docker plugins. The next time any user, including an administrator, invokes Docker CLI plugin features on that workstation, the planted binary runs in the caller's security context. The vulnerability does not affect non-Windows Docker binaries or projects that do not link the plugin-manager package. See the Docker CLI pull request #6713 for the upstream fix.
Detection Methods for CVE-2025-15558
Indicators of Compromise
- Presence of C:\ProgramData\Docker\cli-plugins on hosts where it was not created by the Docker installer
- Unsigned or unexpected executables matching the pattern docker-*.exe in that directory
- Process creation events showing docker.exe spawning child processes from C:\ProgramData\Docker\cli-plugins
- ACLs on the cli-plugins directory granting write access to standard users or non-administrative SIDs
Detection Strategies
- Hunt for directory creation events targeting C:\ProgramData\Docker\cli-plugins originating from non-installer processes
- Alert on execution of any binary located under C:\ProgramData\Docker\cli-plugins that is not signed by Docker Inc.
- Correlate Docker Desktop startup with subsequent child process executions from the plugin search path
Monitoring Recommendations
- Enable Windows Sysmon Event ID 11 (FileCreate) and Event ID 1 (ProcessCreate) coverage for the Docker plugin directories
- Inventory all Windows endpoints with Docker Desktop installed and audit the existence and ACLs of C:\ProgramData\Docker\cli-plugins
- Forward process telemetry to a central data lake to baseline expected plugin executions across the fleet
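The three hunts listed above, as an added example that is not part of the original advisory: a small Python checker run over constructed Sysmon-style events (Event ID 11 FileCreate, Event ID 1 ProcessCreate). The installer allow-list and the Signature field are assumptions; Sysmon Event ID 1 itself carries no code-signing fields, so Signature stands in for an EDR or SIEM enrichment step.

```python
PLUGIN_DIR = r"c:\programdata\docker\cli-plugins"
# Assumed allow-list of images expected to write into the plugin path; adjust per fleet.
INSTALLER_IMAGES = {r"c:\program files\docker\docker\docker desktop installer.exe"}
EXPECTED_SIGNER = "Docker Inc"


def _under_plugin_dir(path: str) -> bool:
    """True if path points at a file below the Docker CLI plugin search path."""
    return path.lower().startswith(PLUGIN_DIR + "\\")


def analyze(events):
    """Return (event_id, reason, image) findings for the hunts described in the text."""
    findings = []
    for ev in events:
        eid = ev["EventID"]
        image = ev.get("Image", "")
        if eid == 11 and _under_plugin_dir(ev.get("TargetFilename", "")):
            # FileCreate inside the plugin path by anything other than the installer
            if image.lower() not in INSTALLER_IMAGES:
                findings.append((11, "file dropped in plugin dir by non-installer process", image))
        elif eid == 1 and _under_plugin_dir(image):
            # ProcessCreate of a binary that lives in the plugin path.
            # "Signature" is assumed enrichment; Sysmon Event 1 has no signing fields.
            if ev.get("Signature", "") != EXPECTED_SIGNER:
                findings.append((1, "binary in plugin dir not signed by Docker Inc", image))
            if ev.get("ParentImage", "").lower().endswith("\\docker.exe"):
                findings.append((1, "docker.exe spawned child from plugin search path", image))
    return findings


# Constructed sample telemetry, not real events.
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": r"C:\Users\alice\AppData\Local\Temp\stage.exe",
     "TargetFilename": r"C:\ProgramData\Docker\cli-plugins\docker-compose.exe"},
    {"EventID": 1, "Image": r"C:\ProgramData\Docker\cli-plugins\docker-compose.exe",
     "ParentImage": r"C:\Program Files\Docker\Docker\resources\bin\docker.exe",
     "Signature": ""},
    # Legitimate plugin under Program Files: must produce no finding.
    {"EventID": 1, "Image": r"C:\Program Files\Docker\cli-plugins\docker-buildx.exe",
     "ParentImage": r"C:\Program Files\Docker\Docker\resources\bin\docker.exe",
     "Signature": "Docker Inc"},
]

if __name__ == "__main__":
    for finding in analyze(SAMPLE_EVENTS):
        print(finding)
```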
How to Mitigate CVE-2025-15558
Immediate Actions Required
- Upgrade Docker CLI and Docker Desktop to a version that includes the fix from pull request #6713 once released; consult the Docker Desktop Release Notes for the patched build
- Pre-create C:\ProgramData\Docker\cli-plugins with an ACL that grants write access only to Administrators and SYSTEM
- Audit existing installations for unexpected binaries already present in the plugin directory and remove them
- Avoid running the Docker CLI from an elevated session on shared or multi-user Windows hosts until patched
Patch Information
The fix is tracked in the upstream Docker CLI repository via pull request #6713. Docker CLI releases after 29.1.5 incorporating this change resolve the search-path issue. Downstream binaries that embed the github.com/docker/cli/cli-plugins/manager package, including Docker Compose, must rebuild against the patched dependency.
Workarounds
- Manually create C:\ProgramData\Docker\cli-plugins and restrict its ACL to Administrators and SYSTEM before any low-privileged user can claim it
- Apply AppLocker or Windows Defender Application Control policies that block execution of unsigned binaries from C:\ProgramData\Docker\cli-plugins
- Restrict Docker Desktop usage to dedicated developer workstations where standard users do not have interactive logon rights
# Pre-create the plugin directory with restricted ACLs (PowerShell, run as Administrator)
$pluginDir = 'C:\ProgramData\Docker\cli-plugins'
# If the directory already exists it may have been claimed by a low-privileged user: inspect owner and contents before re-ACLing
if (Test-Path $pluginDir) { (Get-Acl $pluginDir).Owner; Get-ChildItem $pluginDir }
New-Item -ItemType Directory -Path $pluginDir -Force | Out-Null
# Drop the ACEs inherited from C:\ProgramData, which would otherwise let standard users create files here
icacls $pluginDir /inheritance:r
# Grant full control to Administrators and SYSTEM only (replaces any explicit ACEs for those principals)
icacls $pluginDir /grant:r 'BUILTIN\Administrators:(OI)(CI)F' 'NT AUTHORITY\SYSTEM:(OI)(CI)F'
# Remove any remaining explicit ACEs for standard or authenticated users
icacls $pluginDir /remove 'BUILTIN\Users' 'NT AUTHORITY\Authenticated Users'
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

