CVE-2025-32111

{"id": "CVE-2025-32111", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 2.2}]}, "published": "2025-04-04T07:15:42.580", "references": [{"url": "https://github.com/acmesh-official/acme.sh/commit/40b6db6a2715628aa977ed1853fe5256704010ae", "source": "cve@mitre.org"}, {"url": "https://github.com/acmesh-official/acme.sh/commit/a1de13657e79c5471dbc8fa3539ea39160937389", "source": "cve@mitre.org"}, {"url": "https://github.com/actions/checkout/blob/85e6279cec87321a52edac9c87bce653a07cf6c2/README.md?plain=1#L70-L72", "source": "cve@mitre.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "cve@mitre.org", "description": [{"lang": "en", "value": "CWE-260"}]}], "descriptions": [{"lang": "en", "value": "The Docker image from acme.sh before 40b6db6 is based on a .github/workflows/dockerhub.yml file that lacks \"persist-credentials: false\" for actions/checkout."}, {"lang": "es", "value": "La imagen de Docker de acme.sh anterior a 40b6db6 se basa en un archivo .github/workflows/dockerhub.yml que carece de \"persist-credentials: false\" para acciones/pago."}], "lastModified": "2025-04-07T14:18:15.560", "sourceIdentifier": "cve@mitre.org"}