8.4
Docker Desktop Allows Malicious Plugins on Windows
CVE-2025-15558
GHSA-p436-gjf2-799p
BIT-docker-cli-2025-15558
Summary
If an attacker creates a fake plugin directory on your Windows computer, they can potentially gain extra privileges when you use Docker Desktop or its plugins. This was possible because Docker Desktop on Windows looked for plugins in a directory that does not exist by default, so anyone who could create that directory could place binaries in it. To fix this, update Docker Desktop to a version newer than 29.1.5. If you are using Docker Compose, update it to a version newer than 2.31.0 as well.
What to do
- Update github.com docker to version 29.2.0.
- Update github.com docker to version 5.1.0.
- Update docker github.com/docker/cli to version 29.2.0.
- Update docker github.com/docker/compose/v5 to version 5.1.0.
- Update docker-cli to version 29.2.1.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| github.com | docker | > 19.03.0 , <= 29.2.0 | 29.2.0 |
| github.com | docker | > 2.31.0 , <= 2.40.3 | – |
| github.com | docker | <= 5.1.0 | 5.1.0 |
| docker | github.com/docker/cli | > 19.03.0 , <= 29.2.0 | 29.2.0 |
| docker | github.com/docker/compose/v2 | > 2.31.0 , <= 2.40.3 | – |
| docker | github.com/docker/compose/v5 | <= 5.1.0 | 5.1.0 |
| docker | command_line_interface | <= 29.1.5 | – |
| – | docker-cli | <= 29.2.1 | 29.2.1 |
Original title
Docker Desktop Docker Plugins Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
Original description
This issue affects Docker CLI through 29.1.5
### Impact
Docker CLI for Windows searches for plugin binaries in `C:\ProgramData\Docker\cli-plugins`, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries (docker-compose.exe, docker-buildx.exe, etc.) that are executed when a victim user opens Docker Desktop or invokes Docker CLI plugin features, and allow privilege-escalation if the `docker` CLI is executed as a privileged user.
This issue affects Docker CLI through v29.1.5 (fixed in v29.2.0). It impacts Windows binaries acting as a CLI plugin manager via the [`github.com/docker/cli/cli-plugins/manager`](https://pkg.go.dev/github.com/docker/[email protected]+incompatible/cli-plugins/manager) package, which is consumed by downstream projects such as Docker Compose.
Docker Compose became affected starting in v2.31.0, when it incorporated the relevant CLI plugin manager code (see https://github.com/docker/compose/pull/12300), and is fixed in v5.1.0.
This issue does not impact non-Windows binaries or projects that do not use the plugin manager code.
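The following is an added audit script, not Docker's code or part of the advisory. It checks a Windows host for the condition described above: whether the installed CLI is still in the affected range, whether the legacy `%PROGRAMDATA%\Docker\cli-plugins` directory exists, who can write to it, and what binaries it holds. It assumes `docker` is on PATH.

```powershell
# Added audit example for CVE-2025-15558 (not Docker's own code).
# The legacy system-wide plugin path is the one named in the advisory.
$LegacyPluginDir = Join-Path $env:ProgramData 'Docker\cli-plugins'

# 1. Is the installed Docker CLI still in the affected range (<= 29.1.5)?
$cliVersion = (& docker version --format '{{.Client.Version}}' 2>$null)
if ($cliVersion) {
    # Strip any pre-release/build suffix before casting to [version].
    $v = [version](($cliVersion -split '[-+]')[0])
    $affected = $v -le [version]'29.1.5'
    "Docker CLI $cliVersion : affected=$affected (fixed in 29.2.0)"
} else {
    Write-Warning 'docker not found on PATH; version check skipped.'
}

# 2. The directory does not exist by default; on a clean host this should be absent.
if (-not (Test-Path -LiteralPath $LegacyPluginDir)) {
    "$LegacyPluginDir is absent (expected on a clean host)."
    return
}
Write-Warning "$LegacyPluginDir exists; inspecting it."

# 3. Who owns it and who can write to it? Write access for non-admin
#    identities is the precondition the advisory describes.
$acl = Get-Acl -LiteralPath $LegacyPluginDir
"Owner: $($acl.Owner)"
$acl.Access |
    Where-Object { $_.AccessControlType -eq 'Allow' -and
                   ($_.FileSystemRights -match 'Write|Modify|FullControl') } |
    Select-Object IdentityReference, FileSystemRights, IsInherited |
    Format-Table -AutoSize

# 4. Record every plugin-shaped binary: owner, creation time, Authenticode
#    status and hash, so it can be triaged against known-good plugin builds.
Get-ChildItem -LiteralPath $LegacyPluginDir -Filter 'docker-*.exe' -File |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            Name      = $_.Name
            Owner     = (Get-Acl -LiteralPath $_.FullName).Owner
            Created   = $_.CreationTime
            SigStatus = $sig.Status
            Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
            SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    } | Format-List
```

Run it from an elevated prompt so that ACL reads on the directory succeed; any unsigned or unexpectedly owned binary in that path on a host with an affected CLI warrants incident handling rather than deletion alone.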
### Patches
Fixed version starts with 29.2.0
This issue was fixed in https://github.com/docker/cli/commit/13759330b1f7e7cb0d67047ea42c5482548ba7fa (https://github.com/docker/cli/pull/6713), which removed `%PROGRAMDATA%\Docker\cli-plugins` from the list of paths used for plugin-discovery on Windows.
### Workarounds
None
### Resources
- Pull request: "cli-plugins/manager: remove legacy system-wide cli-plugin path" (https://github.com/docker/cli/pull/6713)
- Patch: https://github.com/docker/cli/commit/13759330b1f7e7cb0d67047ea42c5482548ba7fa.patch
### Credits
Nitesh Surana (niteshsurana.com) of Trend Research of TrendAI
NVD CVSS 4.0: 7.0
Vulnerability type
CWE-427: Uncontrolled Search Path Element
- https://docs.docker.com/desktop/release-notes/
- https://github.com/docker/cli/pull/6713
- https://www.zerodayinitiative.com/advisories/ZDI-CAN-28304/
- https://github.com/docker/cli/security/advisories/GHSA-p436-gjf2-799p
- https://nvd.nist.gov/vuln/detail/CVE-2025-15558
- https://github.com/docker/compose/pull/12300
- https://github.com/docker/cli/commit/13759330b1f7e7cb0d67047ea42c5482548ba7fa
- Product: https://github.com/docker/cli
Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026