A newly disclosed vulnerability in Docker Desktop’s Registry Access Management (RAM) feature has left macOS users exposed to unauthorized image pulls, undermining a critical container security control. Designated CVE-2025-4095, the flaw allows developers to bypass registry restrictions enforced by administrators, potentially exposing organizations to malicious container images or unapproved software dependencies.

Docker’s Registry Access Management is designed to limit container image pulls to pre-approved registries, such as Docker Hub, Amazon ECR, or private artifact repositories. Docker’s security advisory noted that “Registry Access Management operates at the DNS level, making it vulnerable to localhost proxy bypasses, a risk compounded by CVE-2025-4095”.

While Docker’s prompt patch limits immediate exposure, the incident underscores the need for defense-in-depth strategies, combining registry controls, artifact signing, and continuous vulnerability scanning.
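The advisory’s point is that a control enforced at the DNS layer can be sidestepped by a proxy listening on localhost, so a registry allow-list is worth enforcing a second time at a layer that looks at the image reference itself (for example in CI or a pre-pull hook). The script below is an added illustration of that defense-in-depth idea; it is not Docker’s code, not part of the RAM feature, and does not reproduce the bypass. The allow-list and the sample image references are constructed for the example, and the ECR hostname is a placeholder account, not a real one.

```python
import ipaddress
from typing import List, Tuple

# Constructed allow-list for this example: Docker Hub plus a placeholder
# Amazon ECR registry. A real deployment would load this from policy.
ALLOWED_REGISTRIES = {
    "docker.io",
    "123456789012.dkr.ecr.us-east-1.amazonaws.com",
}


def registry_host(image_ref: str) -> str:
    """Return the registry host[:port] for an image reference.

    Follows Docker's reference rule: the first path component is treated as a
    registry only if it contains a '.' or ':' or equals 'localhost'; otherwise
    the image is an official/namespaced image on docker.io.
    """
    first, sep, _rest = image_ref.partition("/")
    if not sep or not ("." in first or ":" in first or first == "localhost"):
        return "docker.io"
    return first


def hostname_only(host: str) -> str:
    """Strip an optional :port, handling bracketed IPv6 literals."""
    if host.startswith("["):
        return host[1:host.index("]")]
    return host.split(":", 1)[0]


def is_loopback(host: str) -> bool:
    """True for 'localhost' or any loopback IP literal (127.0.0.0/8, ::1)."""
    name = hostname_only(host)
    if name == "localhost":
        return True
    try:
        return ipaddress.ip_address(name).is_loopback
    except ValueError:
        return False


def check_image(image_ref: str, allowed=ALLOWED_REGISTRIES) -> Tuple[bool, str]:
    """Decide whether an image reference may be pulled.

    Loopback registries are rejected explicitly because a DNS-level control
    cannot see a proxy that is reached via localhost; everything else must
    match the allow-list exactly (host and port).
    """
    host = registry_host(image_ref)
    if is_loopback(host):
        return False, f"loopback registry {host!r} is never allowed"
    if host not in allowed:
        return False, f"registry {host!r} is not on the allow-list"
    return True, f"registry {host!r} is approved"


def audit_references(refs: List[str]) -> List[Tuple[str, bool, str]]:
    """Evaluate a batch of image references, e.g. collected from a CI job."""
    return [(ref, *check_image(ref)) for ref in refs]


if __name__ == "__main__":
    # Constructed sample of references a CI pipeline might collect.
    sample = [
        "nginx:1.25",
        "library/alpine:3.19",
        "123456789012.dkr.ecr.us-east-1.amazonaws.com/app:1.0",
        "localhost:5000/app:latest",
        "127.0.0.1:5000/app:latest",
        "registry.example.test/app:latest",
    ]
    for ref, ok, reason in audit_references(sample):
        print(f"{'ALLOW' if ok else 'DENY ':5} {ref:55} {reason}")
```

The check is deliberately string-based: it never resolves a name, so a proxy on 127.0.0.1 or a hosts-file entry cannot change its verdict. It complements, rather than replaces, the registry control, artifact signing and scanning the article recommends.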
This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 30 Apr 2025 09:05:08 +0000