Executive Summary
In 2026, Kaspersky's research highlighted significant security vulnerabilities within containerized environments, emphasizing the risks associated with outdated software, misconfigurations, and the use of untrusted images. The study revealed that 64 out of 100 analyzed Docker images contained critical vulnerabilities, with only 10% being fully up to date. These vulnerabilities expose organizations to potential attacks, including unauthorized access, data breaches, and system compromises. The findings underscore the necessity for organizations to implement robust security measures, such as regular updates, thorough configuration audits, and the use of trusted container images, to safeguard their containerized infrastructures.
Why This Matters Now
With the increasing adoption of containerized applications, the highlighted vulnerabilities present immediate and significant risks to organizational security. Addressing these issues is crucial to prevent potential exploits and ensure the integrity of containerized environments.
Attack Path Analysis
An attacker exploited a vulnerable containerized application to gain initial access, escalated privileges within the container, moved laterally to other containers, established command and control, exfiltrated sensitive data, and caused significant operational disruption.
Kill Chain Progression
Initial Compromise
Description
The attacker exploited a public-facing application running in a container to gain unauthorized access.
Related CVEs
CVE-2025-55182
CVSS 10A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0, allowing unauthenticated attackers to execute arbitrary code on the server.
Affected Products:
Meta react-server-dom-webpack – 19.0.0, 19.1.0, 19.1.1, 19.2.0
Meta react-server-dom-parcel – 19.0.0, 19.1.0, 19.1.1, 19.2.0
Meta react-server-dom-turbopack – 19.0.0, 19.1.0, 19.1.1, 19.2.0
Exploit Status:
exploited in the wildCVE-2025-49844
CVSS 9.9A use-after-free vulnerability in Redis versions 8.2.1 and below allows authenticated users to execute arbitrary Lua scripts, potentially leading to remote code execution.
Affected Products:
Redis Redis – <= 8.2.1
Exploit Status:
exploited in the wild
MITRE ATT&CK® Techniques
Deploy Container
Escape to Host
Container Administration Command
Container and Resource Discovery
Create or Modify System Process: Container Service
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
PCI DSS 4.0 – Ensure all system components and software are protected from known vulnerabilities
Control ID: 6.2
NYDFS 23 NYCRR 500 – Cybersecurity Policy
Control ID: 500.03
DORA – ICT Risk Management Framework
Control ID: Article 6
CISA ZTMM 2.0 – Identity and Access Management
Control ID: Pillar 2: Identity
NIS2 Directive – Cybersecurity Risk Management Measures
Control ID: Article 21
Sector Implications
Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.
Information Technology/IT
Critical exposure to container vulnerabilities, supply chain attacks, and configuration weaknesses requiring immediate Kubernetes security and zero trust segmentation implementations.
Financial Services
High-risk containerized applications face privilege escalation threats and unencrypted traffic vulnerabilities, demanding PCI DSS compliance and enhanced egress security controls.
Health Care / Life Sciences
Container security gaps threaten HIPAA compliance with exposed credentials and lateral movement risks requiring encrypted traffic and comprehensive threat detection capabilities.
Computer Software/Engineering
DevOps teams managing vulnerable Docker images face supply chain compromise risks necessitating multicloud visibility, anomaly detection, and secure development practices.
Sources
- What’s in the container? Analyzing vulnerabilities, risks and protection with Kaspersky Container Security and the KIRA AI assistanthttps://securelist.com/container-security-typical-issues/119974/Verified
- Critical Security Vulnerability in React Server Componentshttps://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-componentsVerified
- Security Advisory: CVE-2025-49844https://redis.io/blog/security-advisory-cve-2025-49844/Verified
- React2Shell exploitation continues to escalate, posing 'significant risk'https://www.techradar.com/pro/security/react2shell-exploitation-continues-to-escalate-posing-significant-riskVerified
Frequently Asked Questions
Cloud Native Security Fabric Mitigations and ControlsCNSF
Aviatrix Zero Trust CNSF is pertinent to this incident as it could have constrained the attacker's ability to move laterally, escalate privileges, and exfiltrate data by enforcing strict segmentation and identity-aware controls.
Control: Cloud Native Security Fabric (CNSF)
Mitigation: The attacker's initial access may have been limited by enforcing strict segmentation and identity-aware controls, reducing the likelihood of unauthorized entry.
Control: Zero Trust Segmentation
Mitigation: The attacker's ability to escalate privileges could have been constrained by limiting access to sensitive resources and enforcing strict identity-based policies.
Control: East-West Traffic Security
Mitigation: The attacker's lateral movement would likely have been limited by monitoring and controlling east-west traffic, reducing the ability to access other containers.
Control: Multicloud Visibility & Control
Mitigation: The attacker's command and control communications may have been detected and disrupted by providing comprehensive visibility and control over network traffic.
Control: Egress Security & Policy Enforcement
Mitigation: The attacker's data exfiltration efforts would likely have been constrained by enforcing strict egress policies and monitoring outbound traffic.
The attacker's ability to disrupt operations may have been limited by enforcing strict access controls and monitoring for unauthorized activities.
Impact at a Glance
Affected Business Functions
- Web Application Services
- Data Storage and Management
Estimated downtime: 7 days
Estimated loss: $500,000
Potential exposure of sensitive user data and internal application code.
Recommended Actions
Key Takeaways & Next Steps
- • Implement East-West Traffic Security to monitor and control lateral movement within the container environment.
- • Enforce Zero Trust Segmentation to limit access between containers and reduce the attack surface.
- • Utilize Multicloud Visibility & Control to detect and respond to anomalous activities across cloud environments.
- • Apply Egress Security & Policy Enforcement to prevent unauthorized data exfiltration.
- • Deploy Inline IPS (Suricata) to detect and block known exploit patterns targeting container vulnerabilities.
