How severe is CVE-2025-1696?

This vulnerability has a severity rating of MEDIUM with a CVSS score of N/A out of 10.

What type of vulnerability is CVE-2025-1696?

This is classified as CWE-532, which is a common weakness in software security.

CVE-2025-1696 - MEDIUM Severity | CVSS N/A

Vulnerability Description

A vulnerability exists in Docker Desktop prior to version 4.39.0 that could lead to the unintentional disclosure of sensitive information via application logs. In affected versions, proxy configuration data—potentially including sensitive details—was written to log files in clear text whenever an HTTP GET request was made through a proxy. An attacker with read access to these logs could obtain the proxy information and leverage it for further attacks or unauthorized access. Starting with version 4.39.0, Docker Desktop no longer logs the proxy string, thereby mitigating this risk.

Related Vulnerabilities

CVE-2016-2943

LOW

CVSS:1.9(Low)

IBM BigFix Remote Control before 9.1.3 allows local users to obtain sensitive information by leveraging unspecified privileges to read a log file.

CWE-5322016

CVE-2021-32724

CRITICAL

CVSS:9.9(Critical)

check-spelling is a github action which provides CI spell checking. In affected versions and for a repository with the [check-spelling action](https://github.com/marketplace/actions/check-spelling) en...

CWE-5322021

CVE-2022-36407

CRITICAL

CVSS:9.9(Critical)

Insertion of Sensitive Information into Log File vulnerability in Hitachi Virtual Storage Platform, Hitachi Virtual Storage Platform VP9500, Hitachi Virtual Storage Platform G1000, G1500, Hitachi Virt...

CWE-5322022

CVE-2016-8233

CRITICAL

CVSS:9.8(Critical)

Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user.

CWE-5322016

CVE-2017-1000171

CRITICAL

CVSS:9.8(Critical)

Mahara Mobile before 1.2.1 is vulnerable to passwords being sent to the Mahara access log in plain text.

CWE-5322017

CVE-2017-15366

CRITICAL

CVSS:9.8(Critical)

Before Thornberry NDoc version 8.0, laptop clients and the server have default database (Cache) users set up with a single password. This password is left behind in a cleartext log file during client ...

CWE-5322017