CVE-2025-1696

06.03.2025, 12:15

A vulnerability exists in Docker Desktop prior to version 4.39.0 that could lead to the unintentional disclosure of sensitive information via application logs. In affected versions, proxy configuration datapotentially including sensitive detailswas written to log files in clear text whenever an HTTP GET request was made through a proxy. An attacker with read access to these logs could obtain the proxy information and leverage it for further attacks or unauthorized access. Starting with version 4.39.0, Docker Desktop no longer logs the proxy string, thereby mitigating this risk.

Provider	Type	Base Score	Vector
NIST	NIST	UNKNOWN	---
Docker	CNA	---	---
CISA-ADP	ADP	---	---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 4%

Common Weakness Enumeration

CWE-532 - Insertion of Sensitive Information into Log File
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References

https://docs.docker.com/desktop/settings-and-maintenance/settings/#proxies

https://docs.docker.com/desktop/troubleshoot-and-support/troubleshoot/#check-the-logs