Vulnerability Report

CVE-2022-25365

Title: Arbitrary file movement in Docker Desktop on Windows

Arbitrary File Movement

Proof Of Concept

PoC Available for CVE-2022-25365

CWE Category NVD-CWE-noinfo
Published Date Feb 19, 2022
Modified Date Nov 21, 2024
Exploit Status Available
Score 7.8 CVSS v3.1
Exploit Probability (EPSS)
1.41%

Vulnerability Summary

CVE-2022-25365: Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files. NOTE: this issue exists because of an incomplete fix for CVE-2022-23774.

Impacted Vendors

S
synology 1
D
docker 1
R
redhat 1

Reference Links

https://docs.docker.com/desktop/windows/release-notes/ https://security.netapp.com/advisory/ntap-20220331-0001/ https://docs.docker.com/desktop/windows/release-notes/ https://security.netapp.com/advisory/ntap-20220331-0001/
CVSS v3.1
Source Entity [email protected]
Severity HIGH
7.8
Attack Vector
LOCAL
Complexity
LOW
Privileges
N/A
Interaction
NONE
Confidentiality
N/A
Integrity
N/A
Availability
N/A
Scope
UNCHANGED
RAW VECTOR CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v3.1
Source Entity [email protected]
Severity HIGH
7.8
Attack Vector
LOCAL
Complexity
LOW
Privileges
N/A
Interaction
NONE
Confidentiality
N/A
Integrity
N/A
Availability
N/A
Scope
UNCHANGED
RAW VECTOR CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v2.0
Source Entity [email protected]
Severity MEDIUM
4.6
Access Vector
N/A
Authentication
N/A
RAW VECTOR AV:L/AC:L/Au:N/C:P/I:P/A:P

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2022-25365 Exploits & PoCs (Proof Of Concept)

GitHub https://github.com/followboy1999/CVE-2022-25365
View Code
MODIFIED

Vulnerability data or affected products updated.

PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector LOCAL
Complexity LOW
Privileges N/A
Interaction NONE
CVSS Vector String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Stack

No specific products linked.