CVE-2025-6587: 
Docker Desktop vulnerability analysis and mitigation

System environment variables are recorded in Docker Desktop diagnostic logs when using shell auto-completion. This vulnerability (CVE-2025-6587) leads to unintentional disclosure of sensitive information such as API keys and passwords. The issue was discovered and disclosed in July 2025, affecting Docker Desktop versions prior to 4.43.0 (NVD, CVE).

The vulnerability occurs when shell auto-completion is used with Docker Desktop, causing system environment variables to be recorded in diagnostic logs. This creates a potential security risk as sensitive information gets logged unintentionally. The vulnerability has been assigned a CVSS v4.0 Base Score of 5.2 (Medium) with the vector string CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H. The weakness is categorized under CWE-532 (Insertion of Sensitive Information into Log File) (NVD).

A malicious actor with read access to Docker Desktop diagnostic logs could obtain secrets such as API keys and passwords, potentially leading to unauthorized access to other systems. The exposure of sensitive environment variables could compromise system security and lead to further exploitation of connected services (NVD).

The vulnerability has been fixed in Docker Desktop version 4.43.0, which no longer logs system environment variables as part of diagnostics log collection. Users are advised to upgrade to this version or later to mitigate the risk (NVD).