Monday, December 15, 2025

Docker Desktop for macOS vulnerability found and fixed


CVE-2025-4095 is a Docker Desktop vulnerability on macOS.



Docker Desktop for macOS, the management software for the app container system, has an authorization vulnerability that can be used for malicious purposes.

A security flaw has been found in Docker Desktop, registered under the CVE identifier CVE-2025-4095.

Specifically, CVE-2025-4095 describes a security vulnerability in Docker Desktop that affects Registry Access Management (RAM). This is a security feature that lets administrators limit the access of developers within their organization to only allowed registries.

The listing explains that, when a macOS configuration profile is used to enforce the organizational sign-in, RAM policies are not being applied. The result is that these Docker Desktop users can pull down unauthorized images from the registry, opening the door to malicious images being used.

CVE-2025-4095 is classified as a “Medium” severity threat, which means it could have the potential to disrupt communications or business.

For its part, Docker has released a fix in Docker Desktop version 4.41, which is available to download now. The simple fix is for administrators to update the affected Docker Desktop installation to the latest version.
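Updating closes the gap but does not show what was pulled while RAM policies were not being applied. The following is an added example, not code from Docker or from the original article: it compares local image names against an approved-registry list. The allowlist, the function names and the sample image names are constructed for illustration, and the registry parsing is a simplified form of Docker's naming rule.

```shell
#!/bin/sh
# Added example: list local images whose registry is not on an approved list.
# ALLOWED is a constructed allowlist; substitute your organization's RAM list.
ALLOWED="docker.io registry.example.internal"

# Registry host of an image name (simplified Docker naming rule): the first
# path component is a registry only if it contains '.' or ':' or is
# "localhost"; anything else is a Docker Hub repository.
registry_of() {
    case "$1" in
        */*) first=${1%%/*} ;;
        *)   echo "docker.io"; return 0 ;;
    esac
    case "$first" in
        index.docker.io)   echo "docker.io" ;;
        *.*|*:*|localhost) echo "$first" ;;
        *)                 echo "docker.io" ;;
    esac
}

# Succeeds only if the given registry host is on the allowlist.
is_allowed() {
    for r in $ALLOWED; do
        if [ "$r" = "$1" ]; then return 0; fi
    done
    return 1
}

# Reads one image name per line on stdin; prints "registry<TAB>image" for
# every image that came from a registry outside ALLOWED.
unapproved_images() {
    while IFS= read -r image; do
        [ -n "$image" ] || continue
        reg=$(registry_of "$image")
        is_allowed "$reg" || printf '%s\t%s\n' "$reg" "$image"
    done
}

# Constructed sample standing in for: docker image ls --format '{{.Repository}}'
sample_images() {
    printf '%s\n' nginx acme/api registry.example.internal/platform/base \
        ghcr.io/example/tool localhost:5000/scratchpad
}

sample_images | unapproved_images
```

On a real workstation, pipe `docker image ls --format '{{.Repository}}'` into `unapproved_images` in place of the sample.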

What is Docker?

One of the earliest and most popular container systems, Docker is a tool for the development and deployment of apps and environments. Containers are systems for bundling development environments, build systems, apps, and deployment information into one file.

As well as creating the file, called an “image,” Docker also handles the environments needed to run them.

The biggest benefit of containers is that they include everything needed for development and deployment, which greatly reduces the time needed to configure and provision the systems needed to run apps.

Various registries exist that allow the cataloging and storing of container images in one central location. This is kind of like GitHub, but for container images instead of for code itself.

There are registries run by container companies such as Docker’s DockerHub, and there are third-party ones from other companies and organizations such as Amazon ECR, Google, and Microsoft’s Azure.

In order for users to access and download container images, a login to each registry is usually required.

Docker also provides a macOS app called Docker Desktop, which helps users download and update container images on their Macs. One of the features of Docker Desktop is the ability to log in and access container images using credentials defined in a configuration file.

For more information, the Docker website has documentation on Registry Access Management.

Also see CWE-862: Missing Authorization (4.17), which details the kind of vulnerability that the classification of this security issue denotes.
