Sensitive Information Disclosure Vulnerability in Docker Desktop by Docker
CVE-2025-1696

5.2MEDIUM

Key Information:

Vendor: Docker
Status: Docker Desktop
Vendor: CVE Published:; 6 March 2025

What is CVE-2025-1696?

A security vulnerability in Docker Desktop before version 4.39.0 allows for the unintended exposure of sensitive information stored in application logs. Specifically, proxy configuration data may have been recorded in plain text within log files following an HTTP GET request processed through a proxy. This poses a risk, as an attacker with access to these logs could extract the proxy information, facilitating further attacks or unauthorized access. To mitigate this issue, Docker Desktop version 4.39.0 and later no longer logs the proxy string.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Docker Desktop Windows 0 < 4.39.0

References

https://docs.docker.com/desktop/settings-and-maintenance/...

https://docs.docker.com/desktop/troubleshoot-and-support/...

CVSS V4

Score:

5.2

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Mar 6, 2025

JSON

Docker

What is CVE-2025-1696?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.