Potential HTTP Header Leakage in Portainer Community Edition by Portainer
CVE-2025-49593

6.8MEDIUM

Key Information:

Vendor

Portainer

Status
Portainer
Vendor
CVE Published:
17 June 2025

What is CVE-2025-49593?

Portainer Community Edition, a lightweight platform for managing containerized applications such as Docker and Kubernetes, has a vulnerability that may allow potential exposure of sensitive HTTP headers. If an administrator of Portainer registers a malicious container registry or if an existing registry is compromised, critical information such as authentication credentials and session tokens may be inadvertently shared. This issue has been addressed in the STS version 2.31.0 and LTS version 2.27.7 releases, emphasizing the need for users to update their software to the latest version to mitigate the risk.

Affected Version(s)

portainer < 2.27.7 < 2.27.7

portainer < 2.31.0 < 2.31.0

References

https://github.com/portainer/portainer/security/advisorie...
x_refsource_CONFIRM
https://github.com/portainer/portainer/commit/384cb53c64a...
x_refsource_MISC
https://github.com/portainer/portainer/commit/b767dcb27ed...
x_refsource_MISC

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-49593 : Potential HTTP Header Leakage in Portainer Community Edition by Portainer