CVE-2025-32111

Summary

The Docker image from acme.sh before 40b6db6 is based on a .github/workflows/dockerhub.yml file that lacks "persist-credentials: false" for actions/checkout.

Affected Software

VendorProductVersion RangeStatus
acme.sh projectacme.sh0 < 40b6db6a2715628aa977ed1853fe5256704010aeaffected

Weaknesses

  • CWE-260: CWE-260 Password in Configuration File

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References