{
  "affected": [
    {
      "ranges": [
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "0"
              },
              {
                "last_affected": "29.1.5"
              }
            ]
          },
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0e6fee6c52f761dc79dc4bf712ea9fe4095c9bd2"
            }
          ],
          "repo": "https://github.com/docker/cli",
          "type": "GIT"
        }
      ]
    }
  ],
  "details": "Docker CLI for Windows searches for plugin binaries in C:\\ProgramData\\Docker\\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries (docker-compose.exe, docker-buildx.exe, etc.) there; these are executed when a victim user opens Docker Desktop or invokes Docker CLI plugin features, and they allow privilege escalation if the Docker CLI is executed as a privileged user.\n\nThis issue affects Docker CLI through 29.1.5, and Windows binaries acting as a CLI-plugin manager using the github.com/docker/cli/cli-plugins/manager package (https://pkg.go.dev/github.com/docker/cli@v29.1.5+incompatible/cli-plugins/manager), such as Docker Compose.\n\nThis issue does not impact non-Windows binaries, or projects not using the plugin-manager code.",
  "id": "CVE-2025-15558",
  "modified": "2026-03-15T21:50:30.592726026Z",
  "published": "2026-03-04T17:16:14.763Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-28304/"
    },
    {
      "type": "ADVISORY",
      "url": "https://docs.docker.com/desktop/release-notes/"
    },
    {
      "type": "FIX",
      "url": "https://github.com/docker/cli/pull/6713"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}