CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-32111: The Docker image from acme.sh before 40b6db6 is based on a .github/workflows/dockerhub.yml file that lacks "persist-credentials: false" for...

8.7 CVSS

Description

The Docker image from acme.sh before 40b6db6 is based on a .github/workflows/dockerhub.yml file that lacks "persist-credentials: false" for actions/checkout.

Classification

CVE ID: CVE-2025-32111

CVSS Base Severity: HIGH

CVSS Base Score: 8.7

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

Problem Types

CWE-260 Password in Configuration File

Affected Products

Vendor: acme.sh project

Product: acme.sh

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 10.28% (scored less or equal to compared to others)

EPSS Date: 2025-05-03 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-32111
https://github.com/acmesh-official/acme.sh/commit/a1de13657e79c5471dbc8fa3539ea39160937389
https://github.com/acmesh-official/acme.sh/commit/40b6db6a2715628aa977ed1853fe5256704010ae
https://github.com/actions/checkout/blob/85e6279cec87321a52edac9c87bce653a07cf6c2/README.md?plain=1#L70-L72

Timeline

2025-04-04 07:40:10 UTC
CVE

The Docker image from acme.sh before 40b6db6 is based on a .github/workflows/dockerhub.yml file that lacks "persist-credentials: false" for...