{"id":"CVE-2025-32111","details":"The Docker image from acme.sh before 40b6db6 is based on a .github/workflows/dockerhub.yml file that lacks \"persist-credentials: false\" for actions/checkout.","modified":"2026-04-09T10:38:59.213055Z","published":"2025-04-04T07:15:42.580Z","references":[{"type":"WEB","url":"https://github.com/actions/checkout/blob/85e6279cec87321a52edac9c87bce653a07cf6c2/README.md?plain=1#L70-L72"},{"type":"FIX","url":"https://github.com/acmesh-official/acme.sh/commit/a1de13657e79c5471dbc8fa3539ea39160937389"},{"type":"FIX","url":"https://github.com/acmesh-official/acme.sh/commit/40b6db6a2715628aa977ed1853fe5256704010ae"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/acmesh-official/acme.sh","events":[{"introduced":"0"},{"fixed":"40b6db6a2715628aa977ed1853fe5256704010ae"}]},{"type":"GIT","repo":"https://github.com/acmesh-official/acme.sh","events":[{"introduced":"0"},{"fixed":"a1de13657e79c5471dbc8fa3539ea39160937389"}]}],"versions":["1.2.2","1.2.3","2.0.2","2.2.9","2.3.0","2.5.2","2.6.0","2.6.4","2.6.5","2.6.6","2.6.8","2.7.1","2.7.2","2.7.3","2.7.4","2.7.5","2.7.6","2.7.7","2.7.8","2.7.9","2.8.0","2.8.1","2.8.2","2.8.3","2.8.4","2.8.5","2.8.6","2.8.7","2.8.8","2.8.9","2.9.0","3.0.0","3.0.1","3.0.2","3.0.3","3.0.4","v2.6.9"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"acme.sh"},{"fixed":"40b6db6"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-32111.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N"}]}