CVE-2025-62725
Published 2025-10-27
Priority: P2 (60) · high · CVSS 4.0 base score 8.9
EPSS: 13.85% (96.1st percentile)
Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cache directory and writes the file there. This affects any platform or workflow that resolves remote OCI compose artifacts: Docker Desktop, standalone Compose binaries on Linux, CI/CD runners and cloud dev environments are all affected. An attacker can escape the cache directory and overwrite arbitrary files on the machine running docker compose, even if the user only runs read‑only commands such as docker compose config or docker compose ps. This issue is fixed in v2.40.2.
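The defect described above is a path join that trusts an annotation value. The following Go program is an added illustration of the hardened form of that operation; it is not Compose's code or its actual fix. `SafeJoin` joins an untrusted relative path onto a trusted base directory and rejects any result that does not stay inside it, and `LayerTarget` models how such a check sits in front of a write driven by the three annotation keys the advisory names. Which key triggers the write and which key carries the path is an assumption made for this example, as are the cache directory and the sample annotation maps, which are constructed rather than taken from a real artifact.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// Annotation keys named in the advisory text.
const (
	annotExtends = "com.docker.compose.extends"
	annotEnvfile = "com.docker.compose.envfile"
	annotFile    = "com.docker.compose.file"
)

// ErrOutsideBase signals that an untrusted path would land outside the base directory.
var ErrOutsideBase = errors.New("path escapes base directory")

// SafeJoin joins an untrusted relative path onto a trusted base directory and
// refuses any result that does not stay inside base. It is a lexical check:
// absolute paths, Windows volume names and ".." components that climb out of
// base are all rejected. (Hypothetical helper written for this page.)
func SafeJoin(base, untrusted string) (string, error) {
	if untrusted == "" {
		return "", errors.New("empty path")
	}
	// Reject anything that is already rooted somewhere else.
	if filepath.IsAbs(untrusted) || filepath.VolumeName(untrusted) != "" ||
		strings.HasPrefix(untrusted, "/") || strings.HasPrefix(untrusted, `\`) {
		return "", ErrOutsideBase
	}
	cleanBase := filepath.Clean(base)
	// Join cleans the result, so every ".." is resolved lexically here.
	joined := filepath.Join(cleanBase, untrusted)
	// After cleaning, a path that escaped base shows up as a relative path
	// that is ".." or starts with "../".
	rel, err := filepath.Rel(cleanBase, joined)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideBase
	}
	return joined, nil
}

// LayerTarget decides where the content of a remote layer may be written,
// given the layer's annotations and the local cache directory. Which key
// triggers a write and which key supplies the path is an assumption made for
// this example; it models the advisory's description, not Compose's code.
func LayerTarget(cacheDir string, annotations map[string]string) (string, error) {
	var rel string
	switch {
	case annotations[annotEnvfile] != "":
		rel = annotations[annotEnvfile]
	case annotations[annotExtends] != "":
		rel = annotations[annotFile]
	default:
		return "", errors.New("layer carries no writable target annotation")
	}
	return SafeJoin(cacheDir, rel)
}

func main() {
	// Constructed sample annotations, not captured from a real artifact.
	cache := "/var/cache/compose-example"
	samples := []map[string]string{
		{annotExtends: "true", annotFile: "base/compose.yaml"}, // benign, stays in cache
		{annotEnvfile: "config/.env"},                         // benign, stays in cache
		{annotEnvfile: "../../outside.env"},                   // escapes cache: rejected
		{annotExtends: "true", annotFile: "/absolute/path"},   // rooted elsewhere: rejected
	}
	for _, a := range samples {
		target, err := LayerTarget(cache, a)
		if err != nil {
			fmt.Printf("REJECT %v: %v\n", a, err)
			continue
		}
		fmt.Printf("ACCEPT %v -> %s\n", a, target)
	}
}
```

The check is deliberately lexical: it decides on the string before anything touches the filesystem, so it also covers the read-only subcommands the advisory mentions, where the write happens as a side effect of resolving the artifact. A deployment that already has the cache populated would additionally want to resolve symlinks (for example with `filepath.EvalSymlinks`) before trusting the cleaned path.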
Affected (4 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | docker-compose | — | — |
| docker | compose | < 2.40.2 | 2.40.2 |
| github.com | docker_compose_v2 | >= 0 < 2.40.2 | 2.40.2 |
| github.com | docker_compose_v2 | >= 2.34.0 < 2.40.2 | 2.40.2 |
Detection & IOCs (extracted from sources)
- Alert on arbitrary file write operations originating from the Docker Compose process (docker compose) outside of its expected local cache directory, especially when triggered by read-only subcommands such as 'docker compose config' or 'docker compose ps'.
- The vulnerability is exploitable even when users run read-only Docker Compose commands; detection and blocking must not be limited to write-oriented subcommands.
- The attack vector requires user interaction (resolving a remote OCI compose artifact), but the impact is rated Important due to potential privilege escalation or further code execution via overwritten config/env/script files.
CVSS provenance
- nvd: v4.0 8.9 HIGH, CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- osv: 8.9 HIGH
- vendor_debian: 8.9 LOW
- vendor_redhat: 8.9 HIGH
Red Hat
docker-compose: Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations
vendor_redhat · 2025-10-27 · CVSS 8.9 · HIGH · CWE-22
Debian
CVE-2025-62725: docker-compose - Docker Compose trusts the path information embedded in remote OCI compose artifa...
vendor_debian · 2025 · CVSS 8.9 · HIGH
Scope: local
bookworm: resolved
bu
OSV
Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations in github.com/docker/compose
osv · 2025-10-30
OSV
CVE-2025-62725: Docker Compose trusts the path information embedded in remote OCI compose artifacts
osv · 2025-10-27 · CVSS 8.9 · HIGH
GHSA
Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations
ghsa · 2025-10-27 · HIGH · CWE-20
OSV
Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations
osv · 2025-10-27 · HIGH
No detection rules found.
No public exploits indexed.
Published: 2025-10-27