DD release notes: security addition (#23614)

aevesdocker · web-flow · commit afac884db18d · 2025-10-27T15:37:32.000Z
## Description  ## Related issues or tickets  ## Reviews   - [ ] Technical review - [ ] Editorial review - [ ] Product review
diff --git a/content/manuals/desktop/release-notes.md b/content/manuals/desktop/release-notes.md
@@ -40,6 +40,10 @@ For more frequently asked questions, see the [FAQs](/manuals/desktop/troubleshoo
 >
 > Support for Windows 10 21H2 (19044) and 11 22H2 (22621) has ended. Installing Docker Desktop will require Windows 10 22H2 (19045) or Windows 11 23H2 (22631) in the next release.
 
+### Security
+
+- Fixed [CVE-2025-9164](https://www.cve.org/cverecord?id=CVE-2025-9164) where the Docker Desktop for Windows installer was vulnerable to DLL hijacking due to insecure DLL search order. The installer searches for required DLLs in the user's Downloads folder before checking system directories, allowing local privilege escalation through malicious DLL placement.
+
 ### New 
 
 - [cagent](/manuals/ai/cagent/_index.md) is now available through Docker Desktop. 
diff --git a/content/manuals/security/security-announcements.md b/content/manuals/security/security-announcements.md
@@ -12,6 +12,12 @@ toc_max: 2
 
 {{< rss-button feed="/security/security-announcements/index.xml" text="Subscribe to security RSS feed" >}}
 
+## Docker Desktop 4.49.0 security update: CVE-2025-9164
+
+A vulnerability in Docker Desktop for Windows was fixed on October 23 in the [4.49.0](/manuals/desktop/release-notes.md#4490) release:
+
+- Fixed [CVE-2025-9164](https://www.cve.org/cverecord?id=CVE-2025-9164) where the Docker Desktop for Windows installer was vulnerable to DLL hijacking due to insecure DLL search order. The installer searches for required DLLs in the user's Downloads folder before checking system directories, allowing local privilege escalation through malicious DLL placement.
+
 ## Docker Desktop 4.47.0 security update: CVE-2025-10657
 
 A vulnerability in Docker Desktop was fixed on September 25 in the [4.47.0](/manuals/desktop/release-notes.md#4470) release:

Original file line number	Diff line number	Diff line change
`@@ -40,6 +40,10 @@ For more frequently asked questions, see the [FAQs](/manuals/desktop/troubleshoo`
`40`	`40`	`>`
`41`	`41`	`> Support for Windows 10 21H2 (19044) and 11 22H2 (22621) has ended. Installing Docker Desktop will require Windows 10 22H2 (19045) or Windows 11 23H2 (22631) in the next release.`
`42`	`42`
	`43`	`+### Security`
	`44`	`+`
	`45`	`+- Fixed [CVE-2025-9164](https://www.cve.org/cverecord?id=CVE-2025-9164) where the Docker Desktop for Windows installer was vulnerable to DLL hijacking due to insecure DLL search order. The installer searches for required DLLs in the user's Downloads folder before checking system directories, allowing local privilege escalation through malicious DLL placement.`
	`46`	`+`
`43`	`47`	`### New`
`44`	`48`
`45`	`49`	`- [cagent](/manuals/ai/cagent/_index.md) is now available through Docker Desktop.`