CVE-2025-6587

Name of the Vulnerable Software and Affected Versions: Docker Desktop versions prior to 4.43.0

Description: The issue concerns the recording of system environment variables in Docker Desktop diagnostic logs when using shell auto-completion. This leads to the unintentional disclosure of sensitive information, such as API keys and passwords. A malicious actor with read access to these logs could obtain secrets and use them to gain unauthorized access to other systems.

Recommendations: For versions prior to 4.43.0, update to version 4.43.0 or later to prevent system environment variables from being logged as part of diagnostics log collection. As a temporary workaround, consider restricting access to the diagnostic logs to minimize the risk of exploitation. Avoid using shell auto-completion in Docker Desktop until the issue is resolved.