VYPR
Medium severity6.8OSV Advisory· Published Jun 17, 2025· Updated Apr 15, 2026

CVE-2025-49593

CVE-2025-49593

Description

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. Prior to STS version 2.31.0 and LTS version 2.27.7, if a Portainer administrator can be convinced to register a malicious container registry, or an existing container registry can be taken over, HTTP Headers (including registry authentication credentials or Portainer session tokens) may be leaked to that registry. This issue has been patched in STS version 2.31.0 and LTS version 2.27.7.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Portainer/PortainerOSV2 versions
    1.11.3, 1.20.0, 2.0.0, …+ 1 more
    • (no CPE)range: 1.11.3, 1.20.0, 2.0.0, …
    • (no CPE)range: < 2.31.0 (STS) and < 2.27.7 (LTS)

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.