Add security notices regarding CVE-2025-10657. (#23476)

<!--Delete sections as needed -->

## Description

Add notices to the 4.47.0 release notes and the security announcements
page.

## Reviews

<!-- Notes for reviewers here -->
<!-- List applicable reviews (optionally @tag reviewers) -->

- [ ] Technical review
- [X] Editorial review
- [ ] Product review

Signed-off-by: Cesar Talledo <cesar.talledo@docker.com>
This commit is contained in:
Cesar Talledo
2025-10-01 00:10:23 -07:00
committed by GitHub
parent fdbe2dda62
commit 47546555f8
2 changed files with 14 additions and 4 deletions

View File

@@ -40,6 +40,10 @@ For more frequently asked questions, see the [FAQs](/manuals/desktop/troubleshoo
{{< desktop-install-v2 all=true win_arm_release="Early Access" version="4.47.0" build_path="/206054/" >}}
### Security
- Fixed [CVE-2025-10657](https://www.cve.org/CVERecord?id=CVE-2025-10657) where the Enhanced Container Isolation [Docker Socket command restrictions](../enterprise/security/hardened-desktop/enhanced-container-isolation/config.md#command-restrictions) feature was not working properly in Docker Desktop 4.46.0 only (the configuration for it was being ignored).
### New
- Added dynamic MCP server discovery and support to Docker's MCP catalog.
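Review bot: The ECI link in the new 4.47.0 security entry uses a relative path (`../enterprise/security/hardened-desktop/enhanced-container-isolation/config.md#command-restrictions`) while the neighbouring entries in this file link with absolute `/manuals/...` paths (for example the Settings Management link in the 4.46 section below); switching it to `/manuals/enterprise/security/hardened-desktop/enhanced-container-isolation/config.md#command-restrictions` keeps the file consistent. The wording could also lead with the control that was affected rather than the symptom, for example "Fixed CVE-2025-10657, where Enhanced Container Isolation Docker Socket command restrictions were not applied in Docker Desktop 4.46.0 because their configuration was ignored", so an administrator reading the notes sees immediately which hardening feature was affected and that only the single version 4.46.0 is in scope.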
@@ -85,7 +89,7 @@ For more frequently asked questions, see the [FAQs](/manuals/desktop/troubleshoo
### New
- Added a new Learning center walkthrough for Docker MCP Toolkit and other onboarding improvements.
- Administrators can now control [PAC configurations with Settings Management](/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md#proxy-settings).
- Administrators can now control [PAC configurations with Settings Management](/manuals/enterprise/security/hardened-desktop/settings-management/configure-json-file.md#proxy-settings).
- The update experience has been redesigned to make it easier to understand and manage updates for Docker Desktop and its components.
### Upgrades
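Review bot: The removed and added lines in this hunk (`- Administrators can now control [PAC configurations with Settings Management](...)`) read identically, so the change appears to be whitespace only; the same pattern repeats in the 4.46 Windows hunk, the 4.44.3 `### Security` hunk and the 4.44 `### Security` hunk below. If an editor stripped trailing whitespace on save, consider reverting those hunks so this PR carries only the CVE-2025-10657 notice and the security diff stays reviewable at a glance.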
@@ -107,7 +111,7 @@ For more frequently asked questions, see the [FAQs](/manuals/desktop/troubleshoo
#### For Windows
- Improved the security of Docker Model Runner by enabling sandboxing of the `llama.cpp` inference processes.
- Improved the security of Docker Model Runner by enabling sandboxing of the `llama.cpp` inference processes.
#### For Linux
@@ -156,7 +160,7 @@ For more frequently asked questions, see the [FAQs](/manuals/desktop/troubleshoo
{{< desktop-install-v2 all=true win_arm_release="Early Access" version="4.44.3" build_path="/202357/" >}}
### Security
### Security
- Fixed [CVE-2025-9074](https://www.cve.org/CVERecord?id=CVE-2025-9074) where a malicious container running on Docker Desktop could access the Docker Engine and launch additional containers without requiring the Docker socket to be mounted. This could allow unauthorized access to user files on the host system. Enhanced Container Isolation (ECI) does not mitigate this vulnerability.
@@ -219,7 +223,7 @@ For more frequently asked questions, see the [FAQs](/manuals/desktop/troubleshoo
- [Docker Model CLI v0.1.36](https://github.com/docker/model-cli/releases/tag/v0.1.36)
- [Docker Desktop CLI v0.2.0](/manuals/desktop/features/desktop-cli.md)
### Security
### Security
We are aware of [CVE-2025-23266](https://nvd.nist.gov/vuln/detail/CVE-2025-23266), a critical vulnerability affecting the NVIDIA Container Toolkit in CDI mode up to version 1.17.7. Docker Desktop includes version 1.17.8, which is not impacted. However, older versions of Docker Desktop that bundled earlier toolkit versions may be affected if CDI mode was manually enabled. Uprade to Docker Desktop 4.44 or later to ensure you're using the patched version.
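Review bot: The context line in this hunk still contains the typo "Uprade to Docker Desktop 4.44 or later"; since the hunk already touches the `### Security` heading directly above it, fix it to "Upgrade" in the same change rather than leaving it for a follow-up.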

View File

@@ -12,6 +12,12 @@ toc_max: 2
{{< rss-button feed="/security/security-announcements/index.xml" text="Subscribe to security RSS feed" >}}
## Docker Desktop 4.47.0 security update: CVE-2025-10657
A vulnerability in Docker Desktop was fixed on September 25 in the [4.47.0](/manuals/desktop/release-notes.md#4470) release:
- Fixed [CVE-2025-10657](https://www.cve.org/CVERecord?id=CVE-2025-10657) where the Enhanced Container Isolation [Docker Socket command restrictions](../enterprise/security/hardened-desktop/enhanced-container-isolation/config.md#command-restrictions) feature was not working properly in Docker Desktop 4.46.0 only (the configuration for it was being ignored).
## Docker Desktop 4.44.3 security update: CVE-2025-9074
_Last updated August 20, 2025_
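Review bot: The intro sentence "A vulnerability in Docker Desktop was fixed on September 25 in the 4.47.0 release" gives no year, while the existing CVE-2025-9074 section directly below carries "_Last updated August 20, 2025_"; add the year ("September 25, 2025") and a matching `_Last updated ..._` line under the new heading so the two announcements follow the same format. The ECI link is also relative (`../enterprise/security/hardened-desktop/enhanced-container-isolation/config.md#command-restrictions`) while the release-notes link in the same section is absolute (`/manuals/desktop/release-notes.md#4470`); use the absolute `/manuals/enterprise/...` form for both so the links resolve the same way wherever this page is rendered.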