Vulnerability Description
Recording of environment variables, configured for running containers, in Docker Desktop application logs could lead to unintentional disclosure of sensitive information such as api keys, passwords, etc. A malicious actor with read access to these logs could obtain sensitive credentials information and further use it to gain unauthorized access to other systems. Starting with version 4.41.0, Docker Desktop no longer logs environment variables set by the user.
Related Weaknesses (CWE)
References
FAQ
What is CVE-2025-3911?
CVE-2025-3911 is a documented vulnerability. Recording of environment variables, configured for running containers, in Docker Desktop application logs could lead to unintentional disclosure of sensitive information such as api keys, passwords, e...
How severe is CVE-2025-3911?
CVSS scoring is not yet available for CVE-2025-3911. Check NVD for updates.
Is there a patch for CVE-2025-3911?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.