Docker Desktop MacOS RAM Policy Bypass Allows Unrestricted Registry Pull
CVE-2025-4095 Published on April 29, 2025
Registry Access Management (RAM) policies not applied when sign-in enforcement is configured via a configuration profile
Registry Access Management (RAM) is a security feature allowing administrators to restrict access for their developers to only allowed registries. When a MacOS configuration profile is used to enforce organization sign-in, the RAM policies are not being applied, which would allow Docker Desktop users to pull down unapproved, and potentially malicious images from any registry.
Weakness Type
What is an AuthZ Vulnerability?
The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
CVE-2025-4095 has been classified to as an AuthZ vulnerability or weakness.
Products Associated with CVE-2025-4095
Want to know whenever a new CVE is published for Docker Desktop? stack.watch will email you.
Affected Versions
Docker Desktop:- Version 4.36.0 and below 4.41.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.