CVE-2025-10657 in Docker

Summary

by MITRE • 09/27/2025

In a hardened Docker environment, with Enhanced Container Isolation (ECI, https://docs.docker.com/enterprise/security/hardened-desktop/enhanced-container-isolation/) enabled, an administrator can utilize the command restrictions feature (https://docs.docker.com/enterprise/security/hardened-desktop/enhanced-container-isolation/config/#command-restrictions) to restrict commands that a container with a Docker socket mount may issue on that socket. Due to a software bug, the configuration to restrict commands was ignored when passed to ECI, allowing any command to be executed on the socket. This grants excessive privileges by permitting unrestricted access to powerful Docker commands.

The vulnerability affects only Docker Desktop 4.46.0 users that have ECI enabled and are using the Docker socket command restrictions feature. In addition, since ECI restricts mounting the Docker socket into containers by default, it only affects containers which are explicitly allowed by the administrator to mount the Docker socket.


Analysis

by VulDB Data Team • 09/27/2025

This vulnerability represents a critical security flaw in Docker Desktop's Enhanced Container Isolation (ECI) feature, specifically impacting version 4.46.0 users who have enabled ECI along with Docker socket command restrictions. The flaw occurs within the command restriction mechanism that is designed to prevent containers from executing arbitrary Docker commands through mounted socket access. When ECI is enabled, administrators can configure restrictions to limit which commands a container may issue against the Docker socket, but due to a software bug in the implementation, these restrictions are completely ignored. This creates a dangerous privilege escalation scenario where containers with socket access can execute any Docker command regardless of the configured restrictions, effectively bypassing the intended security controls.

The technical nature of this vulnerability stems from a failure in the ECI configuration processing pipeline, where the command restriction settings are not properly validated or enforced when applied to containers with Docker socket mounts. This represents a breakdown in the principle of least privilege that ECI is designed to enforce, allowing containers to gain unrestricted access to the Docker daemon's powerful API surface. The vulnerability specifically targets the command restriction feature within ECI's security model, which is intended to create a sandboxed environment where containers cannot escalate privileges or execute commands that could compromise the host system or other containers. From a CWE perspective, this manifests as a weakness in privilege management and access control enforcement, potentially classified under CWE-284 for improper access control. The flaw essentially creates a bypass of the security controls that are supposed to prevent containers from performing actions like creating new containers, stopping running containers, accessing container filesystems, or managing Docker networks.

The operational impact of this vulnerability is significant for organizations using Docker Desktop with ECI enabled, particularly those implementing security policies that rely on command restrictions to control container behavior. Attackers who can gain access to a container with Docker socket mount privileges can now execute any Docker command, potentially leading to container escape, host compromise, or lateral movement within the environment. This vulnerability undermines the core security assumptions of ECI, which is designed to provide enhanced isolation for desktop environments where containers might be running with elevated privileges. The attack surface is limited to specific configurations - only users running Docker Desktop 4.46.0 with ECI enabled and explicit Docker socket mount permissions - but the impact remains severe since it effectively nullifies the security controls that administrators have explicitly configured. From an ATT&CK framework perspective, this vulnerability enables techniques such as privilege escalation through container escape, container manipulation, and potentially initial access via compromised containers that can then use the unrestricted socket access to pivot to other systems.

Organizations affected by this vulnerability should immediately update to Docker Desktop versions that address this bug, as there are no effective workarounds available while ECI remains enabled. Administrators should review their current ECI configurations and consider disabling command restrictions until the update is applied, or alternatively, disable ECI entirely if the security benefits do not outweigh the risk of this vulnerability. The recommended mitigation strategy involves applying the vendor-provided patch that corrects the command restriction enforcement logic within ECI's socket handling mechanism. Security teams should monitor for any unauthorized container activity that might indicate exploitation of this vulnerability, particularly around Docker socket access patterns and unusual container management commands. Organizations should also conduct a comprehensive audit of their container security policies to ensure that other controls are in place to detect and prevent unauthorized access to Docker socket mounts, as this vulnerability essentially removes one layer of protection from the security architecture.
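The two controls the advisory turns on are the ECI socket-mount policy (which images may mount the socket, and which commands they may issue) and the recommendation above to monitor socket access. The script below is an added example, not VulDB's or Docker's code: it reads an ECI dockerSocketMount policy and a set of container records, lists every container that mounts the Docker socket, checks whether its image is on the allow list, and notes the command policy that should apply together with whether the Desktop version is the one this advisory names as ignoring that policy. Assumptions, all labelled in the code: the admin-settings.json fragment follows the documented enhancedContainerIsolation.dockerSocketMount layout (imageList and commandList), the container records mimic the Id, Name, Config.Image, HostConfig.Binds and Mounts fields of `docker inspect`, and shell-style globbing is used to approximate Docker's image-pattern matching. Both inputs are constructed sample data so the script runs offline; in practice it would be fed the real settings file and the output of `docker inspect $(docker ps -q)`.

```python
"""Audit Docker socket mounts against an ECI dockerSocketMount policy.

Added example for this advisory; not VulDB's or Docker's own code.
Assumptions: ADMIN_SETTINGS follows the documented
enhancedContainerIsolation.dockerSocketMount layout; INSPECT_OUTPUT mimics
`docker inspect` fields. Both are constructed sample data (runs offline).
"""
import fnmatch
import json

DOCKER_SOCKET = "/var/run/docker.sock"
AFFECTED_VERSIONS = {"4.46.0"}  # the only version the advisory names as affected

# Constructed admin-settings.json fragment (assumed structure, see docstring).
ADMIN_SETTINGS = json.loads("""
{
  "configurationFileVersion": 2,
  "enhancedContainerIsolation": {
    "locked": true,
    "value": true,
    "dockerSocketMount": {
      "imageList": {"images": ["docker.io/library/ci-runner:*"]},
      "commandList": {"type": "deny", "commands": ["push", "build", "exec"]}
    }
  }
}
""")

# Constructed `docker inspect`-style records: one allowed socket mount, one
# socket mount by an image outside the allow list, one container without.
INSPECT_OUTPUT = json.loads("""
[
  {"Id": "a1b2c3", "Name": "/ci-runner",
   "Config": {"Image": "docker.io/library/ci-runner:1.4"},
   "HostConfig": {"Binds": ["/var/run/docker.sock:/var/run/docker.sock"]},
   "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
               "Destination": "/var/run/docker.sock"}]},
  {"Id": "d4e5f6", "Name": "/scratch",
   "Config": {"Image": "docker.io/library/alpine:3.20"},
   "HostConfig": {"Binds": ["/var/run/docker.sock:/sock/docker.sock"]},
   "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
               "Destination": "/sock/docker.sock"}]},
  {"Id": "0f9e8d", "Name": "/web",
   "Config": {"Image": "docker.io/library/nginx:1.27"},
   "HostConfig": {"Binds": []}, "Mounts": []}
]
""")


def socket_mounted(container):
    """True if the container bind-mounts the host Docker socket.

    Checks HostConfig.Binds (as requested) and Mounts (as resolved), since
    either can be empty depending on how the container was created.
    """
    binds = container.get("HostConfig", {}).get("Binds") or []
    if any(b.split(":")[0] == DOCKER_SOCKET for b in binds):
        return True
    mounts = container.get("Mounts") or []
    return any(m.get("Type") == "bind" and m.get("Source") == DOCKER_SOCKET
               for m in mounts)


def image_allowed(image, patterns):
    """Match an image reference against imageList patterns.

    Assumption: shell-style '*' globbing approximates Docker's matching.
    """
    return any(fnmatch.fnmatchcase(image, p) for p in patterns)


def socket_policy(settings):
    """Extract the ECI socket-mount policy from the settings document."""
    eci = settings.get("enhancedContainerIsolation", {})
    mount = eci.get("dockerSocketMount", {})
    cmd = mount.get("commandList", {})
    return {
        "eci_enabled": bool(eci.get("value")),
        "images": mount.get("imageList", {}).get("images", []),
        "command_policy": (f"{cmd['type']}: {','.join(cmd.get('commands', []))}"
                           if cmd.get("type") else "none"),
    }


def audit(settings, containers, desktop_version):
    """One finding per socket-mounting container: image on the allow list?,
    which command policy should apply, and whether this Desktop version is
    one the advisory says ignores that policy."""
    policy = socket_policy(settings)
    findings = []
    for c in containers:
        if not socket_mounted(c):
            continue
        image = c["Config"]["Image"]
        findings.append({
            "name": c["Name"].lstrip("/"),
            "image": image,
            "image_allowed": image_allowed(image, policy["images"]),
            "command_policy": policy["command_policy"],
            "affected_version": desktop_version in AFFECTED_VERSIONS,
        })
    return findings


if __name__ == "__main__":
    for finding in audit(ADMIN_SETTINGS, INSPECT_OUTPUT, "4.46.0"):
        print(json.dumps(finding))
```

On the sample data the audit reports two socket-mounting containers: ci-runner (image on the allow list) and scratch (image not on the list, which ECI should have refused to start with the socket mounted at all), and marks both with the deny policy that the affected version does not enforce. A container whose image is not allowed, or any socket mount at all on an affected version, is the signal the advisory asks security teams to watch for.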

Responsible

Docker

Reservation

09/17/2025

Disclosure

09/27/2025

Moderation

accepted

CPE

ready

EPSS

0.00020

KEV

no

Activities

very low
