Home > Vulnerability Database > CVE-2025-49593

Mend.io Vulnerability Database

CVE-2025-49593

Good to know:

Date: June 17, 2025

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. Prior to STS version 2.31.0 and LTS version 2.27.7, if a Portainer administrator can be convinced to register a malicious container registry, or an existing container registry can be taken over, HTTP Headers (including registry authentication credentials or Portainer session tokens) may be leaked to that registry. This issue has been patched in STS version 2.31.0 and LTS version 2.27.7.

Severity Score

6.8

Related Resources (5)

Url: https://github.com/portainer/portainer/security/advisories/GHSA-h5jw-8c32-xfv6

Url: https://github.com/portainer/portainer/commit/b767dcb27ed253b423facd2e04ef971985950fd3

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-49593

Url: https://github.com/portainer/portainer/commit/384cb53c64af78af8e1ac7ef5b0f91bad530e989

Url: https://www.mend.io/vulnerability-database/CVE-2025-49593

Severity Score

6.8

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

Top Fix

Upgrade Version

Upgrade to version https://github.com/portainer/portainer.git - 2.27.7;https://github.com/portainer/portainer.git - 2.31.0

Learn More

CVSS v3.1

Base Score:	6.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-49593

Good to know:

Date: June 17, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?