Docker Registry Vulnerability Lets MacOS Users Pull Images from Any Registry

A newly disclosed vulnerability in Docker Desktop’s Registry Access Management (RAM) feature has left macOS users vulnerable to unauthorized image pulls, undermining critical container security controls. Designated CVE-2025-4095, the flaw allows developers to bypass registry restrictions enforced by administrators, potentially exposing organizations to malicious container images or unapproved software dependencies. RAM is designed to limit container image pulls to pre-approved registries, such as Docker Hub, Amazon ECR, or private artifact repositories. Docker’s security advisory noted that “Registry Access Management operates at the DNS level, making it vulnerable to localhost proxy bypasses - a risk compounded by CVE-2025-4095”. While Docker’s prompt patch limits immediate exposure, the incident underscores the need for defense-in-depth strategies, combining registry controls, artifact signing, and continuous vulnerability scanning.
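As an added example (not from the article or from Docker), one complementary check in the defense-in-depth spirit described above is to audit the image references already present on a workstation against the approved-registry list. The allowlist, function names and sample references are assumptions constructed for illustration.

```python
# Added example: flag local images whose registry is not on an allowlist.
# APPROVED_REGISTRIES and SAMPLE_REFS are constructed values, not from the article.
APPROVED_REGISTRIES = {
    "docker.io",
    "123456789012.dkr.ecr.us-east-1.amazonaws.com",  # placeholder ECR host
    "artifacts.example.internal",                    # placeholder private repo
}

# Constructed stand-in for the output of:
#   docker image ls --format '{{.Repository}}:{{.Tag}}'
SAMPLE_REFS = [
    "ubuntu:22.04",
    "library/nginx:1.27",
    "123456789012.dkr.ecr.us-east-1.amazonaws.com/team/api:1.4",
    "localhost:5000/tools/builder:latest",
    "registry.unapproved.example/misc/app:dev",
    "<none>:<none>",
]

def registry_of(image_ref):
    """Return the registry host named by an image reference.

    Docker treats the first path component as a registry only if it
    contains '.' or ':' or equals 'localhost'; otherwise the image is
    resolved on Docker Hub.
    """
    first, sep, _ = image_ref.strip().partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        host = first.lower()
    else:
        host = "docker.io"
    # Docker Hub is also addressed by these legacy host names.
    if host in ("index.docker.io", "registry-1.docker.io"):
        host = "docker.io"
    return host

def audit(image_refs, approved=APPROVED_REGISTRIES):
    """Return (reference, registry) pairs whose registry is not approved."""
    findings = []
    for ref in image_refs:
        if not ref or ref.startswith("<none>"):
            continue  # dangling images carry no repository name
        host = registry_of(ref)
        if host not in approved:
            findings.append((ref, host))
    return findings

if __name__ == "__main__":
    for ref, host in audit(SAMPLE_REFS):
        print(f"unapproved registry {host}: {ref}")
```

Because the check reads the registry from the image reference itself rather than from name resolution, references that point at a localhost endpoint are reported like any other unapproved registry.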

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 30 Apr 2025 09:05:08 +0000

