CVE-2025-15558: Docker CLI Plugins: Uncontrolled Search Path Element Leads to Local Privilege Escalation on Windows
This issue affects Docker CLI through 29.1.5.
References
- docs.docker.com/desktop/release-notes
- github.com/advisories/GHSA-p436-gjf2-799p
- github.com/docker/cli
- github.com/docker/cli/commit/13759330b1f7e7cb0d67047ea42c5482548ba7fa
- github.com/docker/cli/pull/6713
- github.com/docker/cli/security/advisories/GHSA-p436-gjf2-799p
- github.com/docker/compose/pull/12300
- nvd.nist.gov/vuln/detail/CVE-2025-15558
- www.zerodayinitiative.com/advisories/ZDI-CAN-28304