CVE-2025-4095

Registry Access Management (RAM) policies not applied when sign-in enforcement is configured via a configuration profile

Description

Registry Access Management (RAM) is a security feature allowing administrators to restrict access for their developers to only allowed registries. When a MacOS configuration profile is used to enforce organization sign-in, the RAM policies are not being applied, which would allow Docker Desktop users to pull down unapproved, and potentially malicious images from any registry.

INFO

Published Date :

2025-04-29T17:16:16.894Z

Last Modified :

2025-04-29T18:00:02.591Z

Source :

Docker

AFFECTED PRODUCTS

The following products are affected by CVE-2025-4095 vulnerability.

Vendors	Products
Docker	Docker Desktop

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-4095.

URL	Resource
https://docs.docker.com/security/for-admins/hardened-desktop/registry-access-management

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability