VYPR
High severity · NVD Advisory · Published Mar 4, 2026 · Updated Mar 5, 2026

Docker Desktop Docker Plugins Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

CVE-2025-15558

Description

Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries (docker-compose.exe, docker-buildx.exe, etc.) that are executed when a victim user opens Docker Desktop or invokes Docker CLI plugin features, allowing privilege escalation if the docker CLI is executed as a privileged user.

This issue affects Docker CLI through 29.1.5 and Windows binaries acting as a CLI-plugin manager using the github.com/docker/cli/cli-plugins/manager package (https://pkg.go.dev/github.com/docker/cli@v29.1.5+incompatible/cli-plugins/manager), such as Docker Compose.

This issue does not impact non-Windows binaries, and projects not using the plugin-manager code.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Docker CLI for Windows searches for plugins in a non-existent directory, allowing low-privileged attackers to plant malicious binaries and escalate privileges.

Vulnerability

Overview

CVE-2025-15558 is a local privilege escalation vulnerability in Docker CLI for Windows. The root cause is that Docker CLI searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries (e.g., docker-compose.exe, docker-buildx.exe) there. When a victim user opens Docker Desktop or invokes Docker CLI plugin features, these binaries are executed, potentially allowing privilege escalation if the Docker CLI is run as a privileged user [1][2].

Exploitation

Details

Exploitation requires the attacker to first obtain the ability to execute low-privileged code on the target Windows system. The vulnerability is triggered when a victim user opens Docker Desktop or uses Docker CLI plugin features, causing the malicious binaries placed in the C:\ProgramData\Docker\cli-plugins directory to be executed. The issue affects Docker CLI versions through 29.1.5 and any Windows binary using the github.com/docker/cli/cli-plugins/manager package, such as Docker Compose. Non-Windows binaries and projects not using the plugin-manager code are not impacted [2][3].

Impact

An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the target user. The Docker CLI plugin binaries are executed with the privileges of the user running Docker CLI, so if that user has elevated privileges, the attacker can achieve privilege escalation. The CVSS 4.0 base score is 7.8 (High), with vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating a local attack with low complexity and no user interaction required beyond the victim using Docker [3].

Mitigation

Docker has addressed this issue by removing the %PROGRAMDATA%\Docker\cli-plugins path from the list of directories searched for CLI plugins. This change was implemented in pull request #6713 on the docker/cli repository, which updates the plugin discovery to use %ProgramFiles%\Docker\cli-plugins for system-wide plugins instead. Users should update to the latest Docker Desktop version (e.g., v29.4.3 as noted in release notes) to receive the fix [1][4].
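The following Go program is an added example, not code from the docker/cli repository: it mirrors the search-path change described above (only the admin-writable %ProgramFiles% root remains) and audits the legacy %ProgramData%\Docker\cli-plugins directory for files the CLI would have treated as plugin candidates (docker-<name>.exe). Environment lookup is passed in as a function so the logic can be exercised off a Windows host; the file names used in the comments are constructed samples.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// legacyPluginDir resolves the user-creatable system-wide plugin directory
// that CVE-2025-15558 concerns. getenv is injected so the resolution can be
// tested without Windows environment variables (assumption for this example).
func legacyPluginDir(getenv func(string) string) string {
	return filepath.Join(getenv("ProgramData"), "Docker", "cli-plugins")
}

// patchedSystemPluginDirs mirrors the fix: only the %ProgramFiles% location,
// which unprivileged users cannot create or write to by default, remains a
// system-wide plugin root.
func patchedSystemPluginDirs(getenv func(string) string) []string {
	return []string{filepath.Join(getenv("ProgramFiles"), "Docker", "cli-plugins")}
}

// auditPluginDir lists regular files in dir that match the plugin naming
// convention docker-<name>.exe. A clean install does not have this directory
// at all, so a nil result is the expected state and any hit warrants review.
func auditPluginDir(dir string) ([]string, error) {
	entries, err := os.ReadDir(dir)
	if os.IsNotExist(err) {
		return nil, nil
	}
	if err != nil {
		return nil, err
	}
	var found []string
	for _, e := range entries {
		name := strings.ToLower(e.Name())
		if e.IsDir() || !strings.HasPrefix(name, "docker-") || filepath.Ext(name) != ".exe" {
			continue
		}
		found = append(found, filepath.Join(dir, e.Name()))
	}
	return found, nil
}

func main() {
	// On a Windows host this inspects the real legacy directory.
	hits, err := auditPluginDir(legacyPluginDir(os.Getenv))
	if err != nil {
		fmt.Println("audit error:", err)
		os.Exit(1)
	}
	for _, h := range hits {
		fmt.Println("unexpected plugin binary:", h) // e.g. ...\docker-compose.exe
	}
}
```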

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package                       Affected versions        Patched versions
github.com/docker/cli (Go)    >= 19.03.0, < 29.2.0     29.2.0

Affected products (3)

  • Docker/Docker (llm-fuzzy)
    Range: <=29.1.5
  • Docker/Compose (v5)
    Range: 5.1.0
  • Docker/Docker CLI (v5)
    Range: 29.2.0

Patches (1)

Commit 13759330b1f7

cli-plugins/manager: remove legacy system-wide cli-plugin path

Repository: https://github.com/docker/cli · Author: Sebastiaan van Stijn · Dec 17, 2025 · via ghsa
1 file changed · +0 −1
  • cli-plugins/manager/manager_windows.go (+0 −1, modified)
    @@ -16,6 +16,5 @@ import (
     //
     // [ConfigFile.CLIPluginsExtraDirs]: https://pkg.go.dev/github.com/docker/cli@v26.1.4+incompatible/cli/config/configfile#ConfigFile.CLIPluginsExtraDirs
     var defaultSystemPluginDirs = []string{
    -	filepath.Join(os.Getenv("ProgramData"), "Docker", "cli-plugins"),
     	filepath.Join(os.Getenv("ProgramFiles"), "Docker", "cli-plugins"),
     }
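Review bot: The removal of the ProgramData entry leaves no in-code record of why it was dropped; add a sentence to the doc comment above `defaultSystemPluginDirs` stating that `%ProgramData%\Docker\cli-plugins` is not created by Docker and can be created by unprivileged users, and that only locations unprivileged users cannot write to, such as `%ProgramFiles%`, are acceptable system-wide plugin roots, so the path is not reintroduced later. The same note belongs in the release notes, since deployments that placed plugins there will lose them after upgrading and need to move them to `%ProgramFiles%\Docker\cli-plugins` or a `CLIPluginsExtraDirs` entry.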
    
