The Marathon UI in DC/OS < 1.9.0 allows unauthenticated users to deploy arbitrary Docker containers. Due to improper restriction of volume mount configurations, attackers can deploy a container that mounts the host's root filesystem (/) with read/write privileges. When using a malicious Docker image, the attacker can write to /etc/cron.d/ on the host, achieving arbitrary code execution with root privileges. This impacts any system where the Docker daemon honors Marathon container configurations without policy enforcement.
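The root cause described above is a missing policy check on the host-path volumes an app definition may request. The following is an added example of such an admission check, not code from DC/OS, Marathon or the advisory's author: it walks the `container.volumes` entries of a Marathon app definition (field names `hostPath`, `containerPath` and `mode` follow Marathon's app JSON) and flags any bind mount whose host path is, contains, or lies under a sensitive directory such as `/etc`. The sensitive-path list, the choice to treat a missing `mode` as `RW`, and the sample app definitions are all constructed assumptions.

```python
"""Admission check for Marathon app definitions: flag host-path volumes that
expose sensitive host directories (e.g. mounting "/" read/write, which is the
vector the advisory describes). Added example; not Marathon's own code."""
import json
import posixpath

# Assumed policy list: host directories that must not be bind-mounted into an
# app container, directly or via an ancestor (mounting "/" exposes all of them).
SENSITIVE_HOST_PATHS = (
    "/etc", "/root", "/home", "/boot", "/proc", "/sys",
    "/var/run/docker.sock", "/var/lib/docker",
    "/usr", "/bin", "/sbin", "/lib",
)


def _related(a, b):
    """True when path a equals b, is an ancestor of b, or is a descendant of b.
    Both inputs must already be normalised absolute POSIX paths."""
    a_parts = [p for p in a.split("/") if p]
    b_parts = [p for p in b.split("/") if p]
    n = min(len(a_parts), len(b_parts))
    return a_parts[:n] == b_parts[:n]


def check_app(app):
    """Return a list of findings for one Marathon app definition (a dict).
    An empty list means no sensitive host path is exposed."""
    findings = []
    container = app.get("container") or {}
    for vol in container.get("volumes") or []:
        host_path = vol.get("hostPath")
        # Persistent/external volumes have no hostPath; a relative hostPath is
        # sandbox-relative in Marathon, so only absolute paths touch the host.
        if not host_path or not host_path.startswith("/"):
            continue
        # Canonicalise so "/srv/../etc" or "//etc/" cannot slip past a string check.
        host_path = posixpath.normpath(host_path)
        # Assumption: a missing mode is treated as the worst case, RW.
        mode = (vol.get("mode") or "RW").upper()
        exposes = [s for s in SENSITIVE_HOST_PATHS if _related(host_path, s)]
        if not exposes:
            continue
        findings.append({
            "app": app.get("id"),
            "host_path": host_path,
            "container_path": vol.get("containerPath"),
            "mode": mode,
            "exposes": exposes,
            # Writable access to these paths is what yields code execution.
            "severity": "critical" if mode == "RW" else "high",
        })
    return findings


def is_allowed(app):
    """Gate for an admission hook: True only when the app has no findings."""
    return not check_app(app)


def check_apps_json(text):
    """Check a JSON document holding a list of app definitions; returns {id: findings}."""
    return {app.get("id"): check_app(app) for app in json.loads(text)}


# Constructed sample app definitions (not real deployments).
SAMPLE_APPS = [
    {"id": "/web", "container": {"type": "DOCKER", "docker": {"image": "nginx:1.25"},
     "volumes": [{"containerPath": "/data", "hostPath": "/srv/web", "mode": "RO"}]}},
    {"id": "/hostroot", "container": {"type": "DOCKER", "docker": {"image": "busybox"},
     "volumes": [{"containerPath": "/host", "hostPath": "/", "mode": "RW"}]}},
    {"id": "/traversal", "container": {"type": "DOCKER", "docker": {"image": "busybox"},
     "volumes": [{"containerPath": "/c", "hostPath": "/srv/../etc/cron.d", "mode": "RW"}]}},
    {"id": "/certs", "container": {"type": "DOCKER", "docker": {"image": "app:1"},
     "volumes": [{"containerPath": "/certs", "hostPath": "/etc/ssl/certs", "mode": "RO"}]}},
    {"id": "/db", "container": {"type": "DOCKER", "docker": {"image": "postgres:16"},
     "volumes": [{"containerPath": "pgdata", "persistent": {"size": 1024}, "mode": "RW"}]}},
]

if __name__ == "__main__":
    for app_id, findings in check_apps_json(json.dumps(SAMPLE_APPS)).items():
        verdict = "ALLOW" if not findings else "DENY"
        print(app_id, verdict, findings)
```

In a real deployment this check belongs in front of the Marathon API (an authenticating proxy or admission hook), since the advisory's point is that the UI accepted these definitions from unauthenticated callers; the canonicalisation step matters because a naive string comparison against "/" would miss `/srv/../etc/cron.d`.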
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 23 Jul 2025 15:15:00 +0000

Type      Values Removed   Values Added
Metrics                    ssvc
                           {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 23 Jul 2025 14:00:00 +0000

Type          Values Removed   Values Added
Description                    The Marathon UI in DC/OS < 1.9.0 allows unauthenticated users to deploy arbitrary Docker containers. Due to improper restriction of volume mount configurations, attackers can deploy a container that mounts the host's root filesystem (/) with read/write privileges. When using a malicious Docker image, the attacker can write to /etc/cron.d/ on the host, achieving arbitrary code execution with root privileges. This impacts any system where the Docker daemon honors Marathon container configurations without policy enforcement.
Title                          DC/OS Marathon UI < 1.9.0 Unauthenticated RCE via Docker Mount Abuse
Weaknesses                     CWE-732
References
Metrics                        cvssV4_0
                               {'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2025-07-23T14:51:09.733Z

Reserved: 2025-07-22T19:22:02.304Z

Link: CVE-2017-20198

Vulnrichment

Updated: 2025-07-23T14:50:57.208Z

NVD

Status: Awaiting Analysis

Published: 2025-07-23T14:15:32.140

Modified: 2025-07-25T15:29:44.523

Link: CVE-2017-20198

Redhat

No data.

OpenCVE Enrichment

No data.