CVE-2025-62725 in Docker Compose

Summary

by MITRE • 10/27/2025

Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker-supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cache directory and writes the file there. This affects any platform or workflow that resolves remote OCI compose artifacts: Docker Desktop, standalone Compose binaries on Linux, CI/CD runners and cloud dev environments are all affected. An attacker can escape the cache directory and overwrite arbitrary files on the machine running docker compose, even if the user only runs read-only commands such as docker compose config or docker compose ps. This issue is fixed in v2.40.2.


Analysis

by VulDB Data Team • 11/28/2025

CVE-2025-62725 is a path traversal flaw (CWE-22) in Docker Compose's handling of remote OCI (Open Container Initiative) compose artifacts. Compose trusts path information embedded in the artifact: when a layer carries the annotation com.docker.compose.extends or com.docker.compose.envfile, the file name taken from com.docker.compose.file or com.docker.compose.envfile is under the control of whoever published the artifact, and Compose uses that name to decide where on the local disk the layer's contents are written. The root cause is untrusted input used in a file-system write without validation.

When Compose resolves a remote OCI artifact it joins the annotation value with its local cache directory and writes the layer there. Nothing checks that the joined path still lies inside the cache, so a value containing traversal components such as ../ (or ..\ on Windows) escapes the intended directory, and the layer body lands wherever the attacker pointed it. The flaw sits in Compose's artifact-resolution code rather than in any platform integration, which is why Docker Desktop, standalone Compose binaries on Linux, CI/CD runners and cloud development environments are all affected alike.
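The following Go program is an added illustration of the bug class described above, not code from Docker Compose or from the advisory. It reads a constructed, cut-down OCI manifest (only the layers array and their annotations; the annotation keys are the ones named in the advisory, the cache directory and file names are hypothetical) and contrasts a plain filepath.Join, which lets a ".." component walk out of the cache, with a resolver that normalises the path and then checks containment before returning it.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// Subset of an OCI image manifest: only what this example inspects.
type descriptor struct {
	Annotations map[string]string `json:"annotations"`
}

type manifest struct {
	Layers []descriptor `json:"layers"`
}

// Annotation keys quoted from the advisory; their values come from the
// remote artifact and are therefore attacker-controlled.
const (
	annoFile    = "com.docker.compose.file"
	annoEnvFile = "com.docker.compose.envfile"
)

// Constructed sample manifest (not a real registry artifact): one honest
// layer and one whose annotation tries to traverse out of the cache.
const sampleManifest = `{
  "layers": [
    {"annotations": {"com.docker.compose.file": "compose.yaml"}},
    {"annotations": {"com.docker.compose.envfile": "../../../../home/user/.bashrc"}}
  ]
}`

// ErrOutsideCache is returned when a resolved path would leave cacheDir.
var ErrOutsideCache = errors.New("path escapes cache directory")

// unsafeResolve mirrors the vulnerable pattern: the annotation value is
// joined to the cache directory and used as-is. filepath.Join cleans the
// result, so ".." components are honoured and the path walks out of cacheDir.
func unsafeResolve(cacheDir, name string) string {
	return filepath.Join(cacheDir, name)
}

// safeResolve joins, then verifies containment: the cleaned result must be
// cacheDir itself or a descendant of it. Absolute names are rejected
// outright; names that normalise to a parent of cacheDir are rejected too.
// A file literally named "..foo" is still allowed, since it does not escape.
func safeResolve(cacheDir, name string) (string, error) {
	if filepath.IsAbs(name) {
		return "", ErrOutsideCache
	}
	base := filepath.Clean(cacheDir)
	target := filepath.Join(base, name)
	rel, err := filepath.Rel(base, target)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideCache
	}
	return target, nil
}

// resolveTargets walks the manifest layers and returns, keyed by layer index
// and annotation, where each referenced file would be written under the safe
// resolver. Layers whose annotation escapes the cache are returned as errors
// instead of being written anywhere.
func resolveTargets(cacheDir string, raw []byte) (map[string]string, []error) {
	var m manifest
	if err := json.Unmarshal(raw, &m); err != nil {
		return nil, []error{err}
	}
	out := map[string]string{}
	var errs []error
	for i, l := range m.Layers {
		for _, key := range []string{annoFile, annoEnvFile} {
			name, ok := l.Annotations[key]
			if !ok {
				continue
			}
			p, err := safeResolve(cacheDir, name)
			if err != nil {
				errs = append(errs, fmt.Errorf("layer %d %s=%q: %w", i, key, name, err))
				continue
			}
			out[fmt.Sprintf("%d:%s", i, key)] = p
		}
	}
	return out, errs
}

func main() {
	cache := "/home/user/.cache/docker-compose/oci/0123abcd" // hypothetical cache dir
	fmt.Println("vulnerable join writes to:", unsafeResolve(cache, "../../../../home/user/.bashrc"))
	targets, errs := resolveTargets(cache, []byte(sampleManifest))
	for k, v := range targets {
		fmt.Println("allow", k, "->", v)
	}
	for _, e := range errs {
		fmt.Println("deny ", e)
	}
}
```

The containment check runs on the lexically normalised path only. If the cache directory can contain a symlink planted by an earlier artifact, a name that stays inside the cache lexically can still be redirected elsewhere on write; a resolver that has to survive that must also resolve symlinks (filepath.EvalSymlinks) or open the destination relative to a directory handle, which is a separate hardening step from the one this example shows.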

The write happens while the artifact is being resolved, not when it is deployed, so it is triggered by commands users treat as read-only, such as docker compose config or docker compose ps. The attacker needs no account or privileges on the target: publishing a crafted artifact and getting a project to reference it is enough, and the overwrite runs with whatever file-system permissions the user invoking docker compose has. The outcome is an arbitrary file overwrite on the host, which in practice is generally enough to reach code execution as that user, and in CI or shared developer environments that can mean compromise of the whole runner or workstation. Because the trigger is an ordinary artifact resolution, it looks like normal use to most monitoring.

The fix is to upgrade to Docker Compose v2.40.2 or later, where the path derived from the annotation is validated against the cache directory before anything is written. Until every runner and workstation is patched, and as defence in depth afterwards, treat remote OCI compose artifacts as untrusted input: restrict which registries CI and developer machines may resolve artifacts from, reference artifacts by digest so that what is resolved is what was reviewed, run docker compose in CI on disposable runners as an unprivileged user so an overwrite cannot reach anything persistent, and audit which workflows resolve remote artifacts at all, since read-only commands trigger the bug too. The general lesson is the one that applies to every archive or artifact extractor: a file name supplied by the remote side must be normalised and then checked to still lie inside the destination directory, never simply concatenated onto it.

Responsible: GitHub M

Reservation: 10/20/2025

Disclosure: 10/27/2025

Moderation: accepted

CPE: ready

EPSS: 0.13848

KEV: no

Activities: very low
