A critical vulnerability in Docker Desktop for Windows has been discovered that allows any container to achieve full host system compromise through a simple Server-Side Request Forgery (SSRF) attack.
The flaw, designated CVE-2025-9074, was patched in Docker Desktop version 4.44.3 released in August 2025.
https://gbhackers.com/windows-docker-de ... erability/