PT-2025-18192 · Docker · Docker Desktop

Published 2025-04-29 · Updated 2025-04-30 · CVE-2025-3911

CVSS v4.0: 5.2 (Medium)

Vector: AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

Name of the Vulnerable Software and Affected Versions

Docker Desktop versions prior to 4.41.0

Description

Docker Desktop records environment variables in its application logs, which could lead to unintentional disclosure of sensitive information such as API keys and passwords. A malicious actor with read access to these logs could obtain sensitive credentials and use them to gain unauthorized access to other systems.

Recommendations

For Docker Desktop versions prior to 4.41.0, update to version 4.41.0 or later to prevent the logging of environment variables set by the user. As a temporary workaround, consider restricting access to the application logs to minimize the risk of exploitation.

Fix

Insertion into Log File

Weakness Enumeration

Related Identifiers

CVE-2025-3911

Affected Products

Docker Desktop