AI description
CVE-2025-62725 is a path traversal vulnerability in Docker Compose that allows attackers to write arbitrary files on the host system. This flaw exists because Docker Compose trusts path information embedded in remote OCI compose artifacts. When processing OCI layers, Compose uses annotations to determine where to write files, but it fails to properly validate these paths. An attacker can craft malicious annotations with path traversal sequences to escape the intended cache directory and write files to arbitrary locations where the Compose process has write permissions. This can be exploited by tricking a user into referencing a malicious remote artifact, even through read-only commands like `docker compose config` or `docker compose ps`. A successful exploit could lead to complete system compromise, potentially by injecting an SSH public key into the target system's authorized_keys file.
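To make the flaw concrete, the following Go snippet (Go being the language Compose is written in) is an added illustration, not Compose's own code: the `layer` type, the function names and the cache path are assumptions. `unsafeTarget` does what the advisory describes, joining the annotation value onto the cache directory with no validation, so a value made of `..` segments lands outside it. `safeTarget` shows one way to contain the write: reject absolute values and anything whose cleaned, resolved path is not strictly inside the cache directory.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// Annotation keys named in the advisory. Their values come from the remote
// OCI artifact's layer descriptors, i.e. they are attacker-controlled.
const (
	annotationFile    = "com.docker.compose.file"
	annotationEnvFile = "com.docker.compose.envfile"
)

// layer is a hypothetical stand-in for an OCI layer descriptor; only the
// annotations matter here.
type layer struct {
	Annotations map[string]string
}

// annotatedName picks the file annotation the way the advisory describes:
// the compose-file key first, otherwise the env-file key.
func annotatedName(l layer) string {
	if v := l.Annotations[annotationFile]; v != "" {
		return v
	}
	return l.Annotations[annotationEnvFile]
}

// unsafeTarget mirrors the vulnerable behaviour: the attacker-supplied name is
// joined onto the cache directory and nothing checks where the result points.
// filepath.Join cleans ".." segments, which is exactly what lets the path escape.
func unsafeTarget(cacheDir string, l layer) string {
	return filepath.Join(cacheDir, annotatedName(l))
}

var errEscape = errors.New("annotation path escapes cache directory")

// safeTarget resolves the same annotation but refuses absolute values and any
// value whose cleaned path is not strictly inside cacheDir. filepath.Rel is used
// instead of a string-prefix test so that "/cache2" is not mistaken for "/cache".
// This is one reasonable containment check, not the exact fix shipped in v2.40.2.
func safeTarget(cacheDir string, l layer) (string, error) {
	name := annotatedName(l)
	if name == "" {
		return "", errors.New("layer carries no file annotation")
	}
	if filepath.IsAbs(name) {
		return "", errEscape
	}
	absCache, err := filepath.Abs(cacheDir)
	if err != nil {
		return "", err
	}
	target := filepath.Join(absCache, name)
	rel, err := filepath.Rel(absCache, target)
	if err != nil {
		return "", errEscape
	}
	// "." would be the cache directory itself; ".." or "../x" is an escape.
	if rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", errEscape
	}
	return target, nil
}

func main() {
	// Constructed sample input: an assumed cache path and a crafted layer whose
	// annotation walks up out of the cache and into an SSH authorized_keys file.
	cache := "/home/user/.cache/docker-compose"
	evil := layer{Annotations: map[string]string{
		annotationFile: "../../../../root/.ssh/authorized_keys",
	}}
	benign := layer{Annotations: map[string]string{annotationEnvFile: "app/.env"}}

	fmt.Println("unsafe target:", unsafeTarget(cache, evil))
	if _, err := safeTarget(cache, evil); err != nil {
		fmt.Println("safe target rejected:", err)
	}
	if p, err := safeTarget(cache, benign); err == nil {
		fmt.Println("safe target accepted:", p)
	}
}
```

The check is purely lexical: if an attacker can first get a symlink into the cache directory (for example through an earlier layer), a later write could still follow it, so a production fix should also resolve the final path with `filepath.EvalSymlinks` before writing, and run the check on every annotation key that feeds a filesystem path, not just the two named here.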
- Description
- Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotation com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker-supplied value of com.docker.compose.file or com.docker.compose.envfile with its local cache directory and writes the file there, without checking that the resulting path stays inside that directory. Any platform or workflow that resolves remote OCI compose artifacts is affected: Docker Desktop, standalone Compose binaries on Linux, CI/CD runners and cloud dev environments. An attacker can escape the cache directory and overwrite arbitrary files on the machine running docker compose, even if the user only runs read-only commands such as docker compose config or docker compose ps. This issue is fixed in v2.40.2.
- Source
- security-advisories@github.com
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 8.9
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
- security-advisories@github.com
- CWE-22
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
39
CVE-2025-62725: From “#docker compose ps” to #System_Compromise https://t.co/aBaDyuYCQq https://t.co/NPNEJucRMQ
@omvapt
29 Oct 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A new path traversal vulnerability, identified as CVE-2025-62725, has been published for the Docker Compose product. This vulnerability allows files to be created on the host system. To secure
@EthicalSafe
29 Oct 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
this week in containers can't contain we see CVE-2025-62725 hitting an 8.9 - be careful running all those compose files on github - even read-only cmds like ps allow escape https://t.co/S9IOZLQijW
@nanovms
29 Oct 2025
218 Impressions
1 Retweet
6 Likes
1 Bookmark
0 Replies
0 Quotes
Docker Compose Flaw Allows Arbitrary File Overwrites A path traversal flaw in Docker Compose (CVE-2025-62725) allows attackers to write arbitrary files to host systems via crafted OCI artifacts. Discovered in October 2025, it has a high severity CVSS score of 8.9. This https://t
@Secwiserapp
29 Oct 2025
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CRITICAL: Docker Flaw (CVE-2025-62725) Allows Full Server Hijack. Why Your CI/CD Pipeline is Broken. Read the full report on - https://t.co/hBTY1bYd77 https://t.co/CtcLsLxw8n
@Iambivash007
29 Oct 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A serious path traversal vulnerability (CVE-2025-62725, CVSS 8.9) has been discovered in Docker Compose. An attacker can use malicious annotations inside an OCI Compose artifact to escape Compose's cache area and overwrite arbitrary files
@yousukezan
29 Oct 2025
37128 Impressions
86 Retweets
279 Likes
140 Bookmarks
0 Replies
5 Quotes
This was a fun one! Docker just patched a high-severity vulnerability I found in Docker Compose (CVE-2025-62725, rated CVSS 8.9). I discovered that including an OCI include statement in a Docker Compose YAML file could lead to an arbitrary file write on the host at OCI
@RonMasas
28 Oct 2025
16600 Impressions
44 Retweets
153 Likes
74 Bookmarks
1 Reply
3 Quotes
[CVE-2025-62725: HIGH] Docker Compose vulnerability leads to potential file overwrite attacks. Update to v2.40.2 to secure systems using Docker Desktop, standalone Compose binaries, or cloud dev environments.#cve,CVE-2025-62725,#cybersecurity https://t.co/OI7GXa5MKx https://t.co/
@CveFindCom
27 Oct 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes