How severe is CVE-2025-0495?

This vulnerability has a severity rating of MEDIUM with a CVSS score of N/A out of 10.

What type of vulnerability is CVE-2025-0495?

This is classified as CWE-532, which is a common weakness in software security.

CVE-2025-0495 - MEDIUM Severity | CVSS N/A

Vulnerability Description

Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry traces as part of the arguments and flags for the traced CLI command. OpenTelemetry traces are also saved in BuildKit daemon's history records. This vulnerability does not impact secrets passed to the Github cache backend via environment variables or registry authentication.

Related Vulnerabilities

CVE-2016-2943

LOW

CVSS:1.9(Low)

IBM BigFix Remote Control before 9.1.3 allows local users to obtain sensitive information by leveraging unspecified privileges to read a log file.

CWE-5322016

CVE-2021-32724

CRITICAL

CVSS:9.9(Critical)

check-spelling is a github action which provides CI spell checking. In affected versions and for a repository with the [check-spelling action](https://github.com/marketplace/actions/check-spelling) en...

CWE-5322021

CVE-2022-36407

CRITICAL

CVSS:9.9(Critical)

Insertion of Sensitive Information into Log File vulnerability in Hitachi Virtual Storage Platform, Hitachi Virtual Storage Platform VP9500, Hitachi Virtual Storage Platform G1000, G1500, Hitachi Virt...

CWE-5322022

CVE-2016-8233

CRITICAL

CVSS:9.8(Critical)

Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user.

CWE-5322016

CVE-2017-1000171

CRITICAL

CVSS:9.8(Critical)

Mahara Mobile before 1.2.1 is vulnerable to passwords being sent to the Mahara access log in plain text.

CWE-5322017

CVE-2017-15366

CRITICAL

CVSS:9.8(Critical)

Before Thornberry NDoc version 8.0, laptop clients and the server have default database (Cache) users set up with a single password. This password is left behind in a cleartext log file during client ...

CWE-5322017