CVE-2025-13743

State: PUBLISHED · Published: 2025-12-09 · Updated: 2025-12-10 · Assigner: Docker

Description

Docker Desktop diagnostics bundles were found to include expired Hub PATs in log output due to error object serialization. This poses a risk of leaking sensitive information in exported diagnostics, especially when access denied errors occurred.

CWE

CWE-532 — CWE-532 Insertion of Sensitive Information into Log File

Affected

Docker / Docker Desktop — v=4.51.0 <4.54.0 [affected]

CVSS

4.0 score=2.4 severity=LOW CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

References

https://docs.docker.com/desktop/troubleshoot-and-support/troubleshoot/#troubleshoot-menu

Source

cvelistV5-main/cves/2025/13xxx/CVE-2025-13743.json