CVE-2025-15558

Docker Desktop Docker Plugins Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

Description

Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries (docker-compose.exe, docker-buildx.exe, etc.) that are executed when a victim user opens Docker Desktop or invokes Docker CLI plugin features, and allow privilege-escalation if the docker CLI is executed as a privileged user. This issue affects Docker CLI: through 29.1.5 and Windows binaries acting as a CLI-plugin manager using the github.com/docker/cli/cli-plugins/manager https://pkg.go.dev/github.com/docker/[email protected]+incompatible/cli-plugins/manager package, such as Docker Compose. This issue does not impact non-Windows binaries, and projects not using the plugin-manager code.

INFO

Published Date :

2026-03-04T16:14:32.045Z

Last Modified :

2026-03-05T04:55:47.099Z

Source :

Docker

AFFECTED PRODUCTS

The following products are affected by CVE-2025-15558 vulnerability.

Vendors	Products
Docker	Command Line Interface Composer Docker
Microsoft	Windows

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-15558.

URL	Resource
https://docs.docker.com/desktop/release-notes/
https://github.com/docker/cli/pull/6713
https://nvd.nist.gov/vuln/detail/CVE-2025-15558
https://www.cve.org/CVERecord?id=CVE-2025-15558
https://www.zerodayinitiative.com/advisories/ZDI-CAN-28304/