CVE-2025-3911: Exposure in Docker Desktop logs of environment variables configured for running containers
Description
Recording of environment variables, configured for running containers, in Docker Desktop application logs could lead to unintentional disclosure of sensitive information such as api keys, passwords, etc.
A malicious actor with read access to these logs could obtain sensitive credentials information and further use it to gain unauthorized access to other systems. Starting with version 4.41.0, Docker Desktop no longer logs environment variables set by the user.
Classification
CVE ID: CVE-2025-3911
CVSS Base Severity: MEDIUM
CVSS Base Score: 5.2
CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H
Problem Types
CWE-532 Insertion of Sensitive Information into Log FileAffected Products
Vendor: Docker
Product: Docker Desktop
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.02% (probability of being exploited)
EPSS Percentile: 3.28% (scored less or equal to compared to others)
EPSS Date: 2025-05-28 (when was this score calculated)
References
https://nvd.nist.gov/vuln/detail/CVE-2025-3911https://docs.docker.com/desktop/troubleshoot-and-support/troubleshoot/#check-the-logs