CVE-2025-15558

Upstream information

CVE-2025-15558 at MITRE

Description

Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries (docker-compose.exe, docker-buildx.exe, etc.) that are executed when a victim user opens Docker Desktop or invokes Docker CLI plugin features, and allow privilege-escalation if the docker CLI is executed as a privileged user.

This issue affects Docker CLI: through 29.1.5 and Windows binaries acting as a CLI-plugin manager using the github.com/docker/cli/cli-plugins/manager https://pkg.go.dev/github.com/docker/cli@v29.1.5+incompatible/cli-plugins/manager package, such as Docker Compose.

This issue does not impact non-Windows binaries, and projects not using the plugin-manager code.

---

Upstream Security Advisories:

• https://www.zerodayinitiative.com/advisories/ZDI-26-152/

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having important severity.

CVSS v3 Scores

CVSS detail	National Vulnerability Database
Base Score	8
Vector	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Attack Vector	Network
Attack Complexity	Low
Privileges Required	Low
User Interaction	Required
Scope	Unchanged
Confidentiality Impact	High
Integrity Impact	High
Availability Impact	High
CVSSv3 Version	3.1

CVSS v4 Scores

CVSS detail	CNA (Docker Inc)
Base Score	7
Vector	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:X/RE:X/U:X
Attack Vector	Local
Attack Complexity	Low
Attack Requirements	None
Privileges Required	Low
User Interaction	Passive
Vulnerable System Confidentiality Impact	High
Vulnerable System Integrity Impact	High
Vulnerable System Availability Impact	High
Subsequent System Confidentiality Impact	None
Subsequent System Integrity Impact	None
Subsequent System Availability Impact	None
CVSSv4 Version	4.0

No SUSE Bugzilla entries cross referenced.

No SUSE Security Announcements cross referenced.

List of released packages

Product(s)	Fixed package version(s)	References
openSUSE Tumbleweed	skaffold >= 2.18.0-1.1 skaffold-bash-completion >= 2.18.0-1.1 skaffold-fish-completion >= 2.18.0-1.1 skaffold-zsh-completion >= 2.18.0-1.1	Patchnames: openSUSE-Tumbleweed-2026-10369

---

SUSE Timeline for this CVE

CVE page created: Wed Mar 4 20:02:58 2026
CVE page last modified: Sat Mar 14 12:33:26 2026