Description

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. Prior to STS version 2.31.0 and LTS version 2.27.7, if a Portainer administrator can be convinced to register a malicious container registry, or an existing container registry can be taken over, HTTP Headers (including registry authentication credentials or Portainer session tokens) may be leaked to that registry. This issue has been patched in STS version 2.31.0 and LTS version 2.27.7.

INFO

Published Date :

2025-06-17T21:27:38.542Z

Last Modified :

2025-06-18T13:41:17.580Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-49593 vulnerability.

Vendors Products
Portainer
  • Portainer
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-49593.

URL Resource
https://github.com/portainer/portainer/commit/384cb53c64af78af8e1ac7ef5b0f91bad530e989 cve-icon cve-icon
https://github.com/portainer/portainer/commit/b767dcb27ed253b423facd2e04ef971985950fd3 cve-icon cve-icon
https://github.com/portainer/portainer/security/advisories/GHSA-h5jw-8c32-xfv6 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact