CVE-2025-13743
BaseFortify
Publication date: 2025-12-09
Last updated on: 2025-12-09
Assigner: Docker Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| docker | docker_desktop | 4.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-532 | The product writes sensitive information to a log file. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves Docker Desktop diagnostics bundles including expired Hub Personal Access Tokens (PATs) in their log output due to error object serialization. This means that sensitive information, specifically expired authentication tokens, can be unintentionally exposed in exported diagnostic logs, especially when access denied errors occur.
How can this vulnerability impact me? :
The vulnerability can lead to leakage of sensitive information such as expired Hub Personal Access Tokens in diagnostic logs. If these logs are exported or shared, it could expose authentication tokens that might be used to gain unauthorized access or compromise security, increasing the risk of information disclosure.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability poses a risk of leaking sensitive information through exported diagnostics bundles that include expired Hub PATs in log output. Such leakage of sensitive data could potentially impact compliance with standards and regulations like GDPR and HIPAA, which require protection of sensitive information. However, specific compliance impacts are not detailed in the provided resources. [1]