Sensitive Information Disclosure in Docker Desktop by Docker, Inc.
CVE-2025-6587

5.2MEDIUM

Key Information:

Vendor: Docker
Status: Docker Desktop
Vendor: CVE Published:; 3 July 2025

What is CVE-2025-6587?

In Docker Desktop, system environment variables can inadvertently be included in diagnostic logs when users employ shell auto-completion features. This can lead to the unintentional exposure of sensitive information, including API keys and passwords. If a malicious actor gains read access to these logs, they may exploit this data to obtain unauthorized access to other systems. Docker has addressed this issue by ensuring that starting with version 4.43.0, system environment variables are no longer logged in the diagnostics collection process.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Docker Desktop MacOS 0 < 4.43.0

References

https://docs.docker.com/desktop/troubleshoot-and-support/...

CVSS V4

Score:

5.2

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Jul 3, 2025
Vulnerability Reserved
Jun 24, 2025

JSON

Docker

What is CVE-2025-6587?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.