CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-6587 – Exposure of system environment variables in Docker Desktop diagnostic logs
https://notcve.org/view.php?id=CVE-2025-6587
03 Jul 2025 — System environment variables are recorded in Docker Desktop diagnostic logs, when using shell auto-completion. This leads to unintentional disclosure of sensitive information such as api keys, passwords, etc. A malicious actor with read access to these logs could obtain secrets and further use them to gain unauthorized access to other systems. Starting with version 4.43.0 Docker Desktop no longer logs system environment variables as part of diagnostics log collection. • https://docs.docker.com/desktop/troubleshoot-and-support/troubleshoot/#check-the-logs • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.5EPSS: 50%CPEs: 1EXPL: 0NotCVE-2025-0001 – Insufficient network isolation
https://notcve.org/view.php?id=NotCVE-2025-0001
05 Jun 2025 — When you run a container on the default Docker “bridge” network, Docker sets up NAT (Network Address Translation) rules using your system’s firewall (via iptables). For example, the following command forwards traffic from port 8080 on your host to port 80 in the container. docker run -d -p 8080:80 my-web-app However, if your host’s filter-FORWARD chain is permissive (i.e., ACCEPT by default) and net.ipv4.ip_forward is enabled, unpublished ports could also be remotely accessible under certain conditions. ... • https://www.docker.com/blog/docker-engine-28-hardening-container-networking-by-default/ • CWE-653: Improper Isolation or Compartmentalization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3911 – Exposure in Docker Desktop logs of environment variables configured for running containers
https://notcve.org/view.php?id=CVE-2025-3911
29 Apr 2025 — Recording of environment variables, configured for running containers, in Docker Desktop application logs could lead to unintentional disclosure of sensitive information such as api keys, passwords, etc. A malicious actor with read access to these logs could obtain sensitive credentials information and further use it to gain unauthorized access to other systems. Starting with version 4.41.0, Docker Desktop no longer logs environment variables set by the user. Recording of environment variables, configured f... • https://docs.docker.com/desktop/troubleshoot-and-support/troubleshoot/#check-the-logs • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-4095 – Registry Access Management (RAM) policies not applied when sign-in enforcement is configured via a configuration profile
https://notcve.org/view.php?id=CVE-2025-4095
29 Apr 2025 — Registry Access Management (RAM) is a security feature allowing administrators to restrict access for their developers to only allowed registries. When a MacOS configuration profile is used to enforce organization sign-in, the RAM policies are not being applied, which would allow Docker Desktop users to pull down unapproved, and potentially malicious images from any registry. • https://docs.docker.com/security/for-admins/hardened-desktop/registry-access-management • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3224 – Elevation of Privilege in Docker Desktop for Windows during Upgrade due to Insecure Directory Deletion
https://notcve.org/view.php?id=CVE-2025-3224
28 Apr 2025 — A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-privileged attacker to escalate privileges to SYSTEM. During an update, Docker Desktop attempts to delete files and subdirectories under the path C:\ProgramData\Docker\config with high privileges. However, this directory often does not exist by default, and C:\ProgramData\ allows normal users to create new directories. By creating a malicious Docker\config folder structure at this location, ... • https://www.zerodayinitiative.com/blog/2022/3/16/abusing-arbitrary-file-deletes-to-escalate-privilege-and-other-great-tricks • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-269: Improper Privilege Management •
CVSS: 4.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0495 – Secrets leakage to telemetry endpoint via cache backend configuration via buildx
https://notcve.org/view.php?id=CVE-2025-0495
17 Mar 2025 — Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry traces as part of the arguments and flags for the traced CLI command. OpenTelemetry traces are also saved in BuildKit daemon's history records. This vulnerability does not impact secrets passed to the Github cache bac... • https://github.com/docker/buildx • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1696 – Exposure of Proxy Credentials in Docker Desktop Logs
https://notcve.org/view.php?id=CVE-2025-1696
06 Mar 2025 — A vulnerability exists in Docker Desktop prior to version 4.39.0 that could lead to the unintentional disclosure of sensitive information via application logs. In affected versions, proxy configuration data—potentially including sensitive details—was written to log files in clear text whenever an HTTP GET request was made through a proxy. An attacker with read access to these logs could obtain the proxy information and leverage it for further attacks or unauthorized access. Starting with version 4.39.0, Doc... • https://docs.docker.com/desktop/settings-and-maintenance/settings/#proxies • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9348 – Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view
https://notcve.org/view.php?id=CVE-2024-9348
16 Oct 2024 — Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view. Docker Desktop anterior a v4.34.3 permite RCE a través de un enlace de origen de GitHub no desinfectado en la vista de compilación. • https://docs.docker.com/desktop/release-notes/#4343 • CWE-20: Improper Input Validation CWE-116: Improper Encoding or Escaping of Output •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8696 – A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2.
https://notcve.org/view.php?id=CVE-2024-8696
12 Sep 2024 — A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2. • https://docs.docker.com/desktop/release-notes/#4342 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8695 – A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2.
https://notcve.org/view.php?id=CVE-2024-8695
12 Sep 2024 — A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2. • https://docs.docker.com/desktop/release-notes/#4342 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •