Sensitive Information Disclosure Vulnerability in Docker Desktop by Docker
CVE-2025-1696

5.2 MEDIUM

Key Information:

Vendor

Docker

CVE Published:
6 March 2025

What is CVE-2025-1696?

A security vulnerability in Docker Desktop before version 4.39.0 allows for the unintended exposure of sensitive information stored in application logs. Specifically, proxy configuration data may have been recorded in plain text within log files following an HTTP GET request processed through a proxy. This poses a risk, as an attacker with access to these logs could extract the proxy information, facilitating further attacks or unauthorized access. To mitigate this issue, Docker Desktop version 4.39.0 and later no longer logs the proxy string.
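Upgrading stops the proxy string from being logged, but log files written before the upgrade may still contain it. The following added example (not code from Docker or from the original page) scrubs proxy strings from log lines and reports where they were found; it assumes the proxy string appears in URL form, it also masks credentials embedded in URLs on lines that do not mention a proxy, and the sample lines, hostnames and credentials are constructed.

```python
import re

# Assumption: the proxy string appears in URL form, e.g. http://user:pass@host:3128.
URL_RE = re.compile(
    r"(?P<scheme>https?|socks5h?)://(?:(?P<userinfo>[^\s/@]+)@)?"
    r"(?P<host>[^\s/:@\"']+)(?::\d+)?",
    re.IGNORECASE,
)
PROXY_HINT_RE = re.compile(r"proxy", re.IGNORECASE)


def scrub_line(line):
    """Return (scrubbed_line, findings) for one log line."""
    findings = []
    on_proxy_line = bool(PROXY_HINT_RE.search(line))

    def replace(match):
        has_creds = match.group("userinfo") is not None
        if not (on_proxy_line or has_creds):
            return match.group(0)  # ordinary URL: leave untouched
        findings.append({"host": match.group("host"), "credentials": has_creds})
        if on_proxy_line:
            return "<proxy-redacted>"  # drop the whole proxy string
        # Credentials in a non-proxy URL: mask only the userinfo part.
        return f"{match.group('scheme')}://<redacted>@{match.group(0).split('@', 1)[1]}"

    return URL_RE.sub(replace, line), findings


def scrub_log(lines):
    scrubbed, report = [], []
    for number, line in enumerate(lines, start=1):
        clean, findings = scrub_line(line)
        scrubbed.append(clean)
        report.extend({"line": number, **f} for f in findings)
    return scrubbed, report


# Constructed sample lines; this is not Docker Desktop's real log format.
SAMPLE_LOG = [
    'time=2025-02-01T10:00:00Z msg="GET via proxy http://svc:S3cret@gw.corp.example:3128"',
    'time=2025-02-01T10:00:01Z msg="GET https://registry.example/v2/ status=200"',
    'time=2025-02-01T10:00:02Z msg="using HTTP proxy http://10.0.0.5:8080"',
    'time=2025-02-01T10:00:03Z msg="fetch https://bob:hunter2@mirror.example/pkg"',
]

if __name__ == "__main__":
    for row in scrub_log(SAMPLE_LOG)[0]:
        print(row)
```

Any proxy credentials that turn up in the report should be rotated, since scrubbing the file does not undo earlier exposure.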

Affected Version(s)

Docker Desktop (Windows): versions before 4.39.0

CVSS V4

Score: 5.2
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published
