{"uuid": "e8c8d816-8797-4549-9ff4-77f00315af90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3224", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13732", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3224\n\ud83d\udd25 CVSS Score: 7.3 (cvssV4_0, Vector: CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H)\n\ud83d\udd39 Description: A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-privileged attacker to escalate privileges to SYSTEM. During an update, Docker Desktop attempts to delete files and subdirectories under the path C:\\ProgramData\\Docker\\config with high privileges. However, this directory often does not exist by default, and C:\\ProgramData\\ allows normal users to create new directories. By creating a malicious Docker\\config folder structure at this location, an attacker can force the privileged update process to delete or manipulate arbitrary system files, leading to Elevation of Privilege.\n\ud83d\udccf Published: 2025-04-28T19:21:15.851Z\n\ud83d\udccf Modified: 2025-04-28T19:43:24.060Z\n\ud83d\udd17 References:\n1. https://www.zerodayinitiative.com/blog/2022/3/16/abusing-arbitrary-file-deletes-to-escalate-privilege-and-other-great-tricks", "creation_timestamp": "2025-04-28T20:11:20.000000Z"}