Skip to content

security: update sec announcements with latest CVE fixes #22648

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
May 16, 2025
Merged

security: update sec announcements with latest CVE fixes #22648

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 12 additions & 0 deletions content/manuals/security/security-announcements.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,18 @@
toc_max: 2
---

## Docker Desktop 4.41.0 Security Update: CVE-2025-3224, CVE-2025-4095, and CVE-2025-3911

Check warning on line 10 in content/manuals/security/security-announcements.md

View workflow job for this annotation

GitHub Actions / vale 

[vale] reported by reviewdog 🐶
[Docker.HeadingSentenceCase] Use sentence case for headings: 'Docker Desktop 4.41.0 Security Update: CVE-2025-3224, CVE-2025-4095, and CVE-2025-3911'.

Raw Output:
{"message": "[Docker.HeadingSentenceCase] Use sentence case for headings: 'Docker Desktop 4.41.0 Security Update: CVE-2025-3224, CVE-2025-4095, and CVE-2025-3911'.", "location": {"path": "content/manuals/security/security-announcements.md", "range": {"start": {"line": 10, "column": 4}}}, "severity": "WARNING"}

Check warning on line 10 in content/manuals/security/security-announcements.md

View workflow job for this annotation

GitHub Actions / vale 

[vale] reported by reviewdog 🐶
[Docker.HeadingLength] Try to keep headings short (< 8 words).

Raw Output:
{"message": "[Docker.HeadingLength] Try to keep headings short (\u003c 8 words).", "location": {"path": "content/manuals/security/security-announcements.md", "range": {"start": {"line": 10, "column": 4}}}, "severity": "INFO"}

_Last updated May 15, 2025_

Three vulnerabilities in Docker Desktop were fixed on April 28 in the [4.41.0](https://docs.docker.com/desktop/release-notes/#4410) release.

- Fixed [CVE-2025-3224](https://www.cve.org/CVERecord?id=CVE-2025-3224) allowing an attacker with access to a user machine to perform an elevation of privilege when Docker Desktop updates.
- Fixed [CVE-2025-4095](https://www.cve.org/CVERecord?id=CVE-2025-4095) where Registry Access Management (RAM) policies were not enforced when using a MacOS configuration profile, allowing users to pull images from unapproved registries.
- Fixed [CVE-2025-3911](https://www.cve.org/CVERecord?id=CVE-2025-3911) allowing an attacker with read access to a user's machine to obtain sensitive information from Docker Desktop log files, including environment variables configured for running containers.

We strongly encourage you to update to Docker Desktop [4.41.0](https://docs.docker.com/desktop/release-notes/#4410).

Check warning on line 20 in content/manuals/security/security-announcements.md

View workflow job for this annotation

GitHub Actions / vale 

[vale] reported by reviewdog 🐶
[Docker.We] Avoid using first-person plural like 'We'.

Raw Output:
{"message": "[Docker.We] Avoid using first-person plural like 'We'.", "location": {"path": "content/manuals/security/security-announcements.md", "range": {"start": {"line": 20, "column": 1}}}, "severity": "WARNING"}

## Docker Desktop 4.34.2 Security Update: CVE-2024-8695 and CVE-2024-8696

_Last updated September 13, 2024_
Expand Down