Main Vulnerability Database Vulnerabilities #VU107606

Inclusion of Sensitive Information in Log Files in Buildx - CVE-2025-0495

Published: April 18, 2025

Vulnerability identifier: #VU107606

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-0495

CWE-ID: CWE-532

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Docker Inc.

Affected software:
Buildx

Detailed vulnerability description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to software stores sensitive information into log files. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry traces as part of the arguments and flags for the traced CLI command. OpenTelemetry traces are also saved in BuildKit daemon's history records.

How to mitigate CVE-2025-0495

Install updates from vendor's website.

Sources

https://bugzilla.suse.com/show_bug.cgi?id=1239765

Inclusion of Sensitive Information in Log Files in Buildx - CVE-2025-0495

Detailed vulnerability description

How to mitigate CVE-2025-0495

Sources

Please verify you're human