A Hard box that chains an unauthenticated API leak, Cacti RCE, and a CVE-2025-9074 Docker Desktop escape to reach the host filesystem. The container escape is the highlight.