CVE-2025-15558

high Red Hat
CVSS v3 Base Score
7.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Published: March 4, 2026
Last Modified: March 4, 2026
Vendor: Red Hat

Description

Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries (docker-compose.exe, docker-buildx.exe, etc.) that are executed when a victim user opens Docker Desktop or invokes Docker CLI plugin features, and allow privilege-escalation if the docker CLI is executed as a privileged user. This issue affects Docker CLI: through 29.1.5 and Windows binaries acting as a CLI-plugin manager using the github.com/docker/cli/cli-plugins/manager https://pkg.go.dev/github.com/docker/cli@v29.1.5+incompatible/cli-plugins/manager  package, such as Docker Compose. This issue does not impact non-Windows binaries, and projects not using the plugin-manager code.

CWE

CWE-427

Affected Products

Assisted Installer for Red Hat OpenShift Container Platform 2Builds for Red Hat OpenShiftGatekeeper 3Kernel Module Management Operator for Red Hat OpenshiftMachine Deletion Remediation OperatorMulticluster Engine for KubernetesMulticluster Global HubOpenShift PipelinesOpenShift ServerlessOpenShift Service Mesh 2

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 docs.docker.com 🔗 github.com