VDB
DEBIAN-CVE-2025-0495
DEBIAN-CVE-2025-0495
PUBLISHED
CVSS 4.099999904632568 MEDIUM
Buildx is a Docker CLI plugin that extends build capabilities using BuildKit. Cache backends support credentials by setting secrets directly as attribute values in cache-to/cache-from configuration. When supplied as user input, these secure values may be inadvertently captured in OpenTelemetry traces as part of the arguments and flags for the traced CLI command. OpenTelemetry traces are also saved in BuildKit daemon's history records. This vulnerability does not impact secrets passed to the Github cache backend via environment variables or registry authentication.
Risk Scores
CVSS 4.0
4.099999904632568
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | docker-buildx | 0, 0 |
| Debian:13 | docker-buildx | 0, 0 |
Timeline
- Mar 17, 2025 CVE Published
- Apr 28, 2026 CVE Updated