PT-2025-25764

Andres-Portainer

Published 2025-06-17 · Updated 2025-07-07 · CVE-2025-49593

CVSS v2.0: 8.3 (High)
Vector: AV:N/AC:L/Au:M/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Portainer Community Edition, versions prior to 2.31.0 (STS) and prior to 2.27.7 (LTS)
Description

Portainer Community Edition is a lightweight service delivery platform for containerized applications that manages Docker, Swarm, Kubernetes, and ACI environments. In affected versions, if a Portainer administrator is convinced to register a malicious container registry, or a registry that is already registered is taken over, HTTP headers may be leaked to the operator of that registry, including registry authentication credentials or session tokens.
Recommendations

Update to version 2.31.0 (STS) or 2.27.7 (LTS), or later. Until the update is applied: keep registry registration limited to trusted administrators, register only registries you control or trust, and review the registries already configured (name, URL, and whether credentials are stored) for any that are unexpected or whose endpoint may have changed hands. If a configured registry is suspected of having been compromised, rotate the registry credentials it was given and invalidate Portainer sessions that may have been exposed to it.
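The two checks above (is the instance on a fixed release, and which configured registries are not ones we trust) can be scripted. The following is an added example, not code from Portainer or from this advisory. It assumes the Portainer REST endpoints /api/status (returning a JSON object with a "Version" field) and /api/registries (returning a list of objects with "Id", "Name", "URL" and "Authentication" fields) reached with an access token in the X-API-Key header; the allowlist hosts and the sample responses are constructed for the example. Run without arguments it audits the embedded sample; with a base URL and API key it queries a live instance.

```python
"""Added example: audit a Portainer CE instance for CVE-2025-49593 exposure.

Two checks follow from the advisory text:
  1. is the running version a fixed release (2.27.7+ on the LTS line,
     2.31.0+ otherwise)?
  2. which configured registries are not on an allowlist of hosts we
     control, since a malicious or taken-over registry is the precondition
     for the header leak?
Assumptions (not from the advisory): the endpoints /api/status
({"Version": ...}) and /api/registries (list of objects with Id, Name,
URL, Authentication), and access-token auth via the X-API-Key header.
"""
import json
import re
import sys
import urllib.request
from urllib.parse import urlparse

LTS_FIXED = (2, 27, 7)   # first fixed LTS release per the advisory
STS_FIXED = (2, 31, 0)   # first fixed STS release per the advisory

# Constructed sample data standing in for the two API responses.
SAMPLE_STATUS = {"Version": "2.27.5"}
SAMPLE_REGISTRIES = [
    {"Id": 1, "Name": "corp-harbor", "URL": "harbor.corp.example", "Authentication": True},
    {"Id": 2, "Name": "quick-mirror", "URL": "https://mirror.unknown.example:5000", "Authentication": True},
    {"Id": 3, "Name": "dockerhub", "URL": "docker.io", "Authentication": False},
]
ALLOWED_HOSTS = {"harbor.corp.example", "docker.io"}  # hypothetical allowlist


def parse_version(version: str) -> tuple:
    """'2.27.5' or 'v2.27.5' -> (2, 27, 5); any pre-release suffix is ignored."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised Portainer version: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable(version: str) -> bool:
    """True when the version predates the fix for its release line.

    2.27.x is the LTS line (fixed at 2.27.7). Every other version is compared
    against the STS fix, which also covers releases older than 2.27 and the
    unpatched STS releases 2.28 through 2.30.
    """
    v = parse_version(version)
    if v[:2] == (2, 27):
        return v < LTS_FIXED
    return v < STS_FIXED


def registry_host(url: str) -> str:
    """Registry URLs may be stored with or without a scheme; normalise to a hostname."""
    if "//" not in url:
        url = "https://" + url
    return (urlparse(url).hostname or "").lower()


def audit_registries(registries: list, allowed_hosts: set) -> list:
    """Return the registries whose host is not on the allowlist.

    Registries with Authentication set hold credentials that Portainer would
    present to that endpoint, so they are marked separately in the finding.
    """
    findings = []
    for reg in registries:
        host = registry_host(reg.get("URL", ""))
        if host not in allowed_hosts:
            findings.append({
                "Id": reg.get("Id"),
                "Name": reg.get("Name"),
                "host": host,
                "stores_credentials": bool(reg.get("Authentication")),
            })
    return findings


def fetch_json(base_url: str, api_key: str, path: str):
    """GET a Portainer API path using an access token (X-API-Key header)."""
    req = urllib.request.Request(base_url.rstrip("/") + path,
                                 headers={"X-API-Key": api_key})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def run_audit(status: dict, registries: list, allowed_hosts: set) -> dict:
    """Combine the version check and the registry audit into one report."""
    version = status.get("Version", "")
    return {
        "version": version,
        "vulnerable_version": is_vulnerable(version),
        "untrusted_registries": audit_registries(registries, allowed_hosts),
    }


if __name__ == "__main__":
    # Live mode: python portainer_audit.py https://portainer.example:9443 $API_KEY
    if len(sys.argv) == 3:
        base, key = sys.argv[1], sys.argv[2]
        status = fetch_json(base, key, "/api/status")
        registries = fetch_json(base, key, "/api/registries")
    else:  # offline mode runs against the constructed sample above
        status, registries = SAMPLE_STATUS, SAMPLE_REGISTRIES
    print(json.dumps(run_audit(status, registries, ALLOWED_HOSTS), indent=2))
```

On the sample data the report flags the version 2.27.5 as vulnerable and the single registry not on the allowlist (Id 2), noting that credentials are stored for it; those are the registries whose credentials should be rotated if the endpoint cannot be vouched for.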

Vulnerability Type

Information Disclosure
Related Identifiers

BDU:2025-08568
CVE-2025-49593
GHSA-H5JW-8C32-XFV6

Affected Products

ACI
Docker
Kubernetes
Portainer Community Edition
RED OS