High severity8.7OSV Advisory· Published Apr 4, 2025· Updated Apr 15, 2026
CVE-2025-32111
CVE-2025-32111
Description
The Docker image from acme.sh before 40b6db6 is based on a .github/workflows/dockerhub.yml file that lacks "persist-credentials: false" for actions/checkout.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
21.2.2, 1.2.3, 2.0.2, …+ 1 more
- (no CPE)range: 1.2.2, 1.2.3, 2.0.2, …
- (no CPE)range: < 40b6db6
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.