PT-2025-44043 · Docker+2 · Docker Compose+2

Published: 2025-10-27 · Updated: 2026-03-27 · CVE-2025-62725

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Docker Compose versions prior to 2.40.2

Description: Docker Compose is affected by a path traversal flaw stemming from improper restriction of path names to accessible directories. This issue allows a remote attacker to overwrite arbitrary files on the system running Docker Compose. The flaw occurs when processing OCI compose artifacts containing annotations like com.docker.compose.extends or com.docker.compose.envfile. Specifically, the attacker-supplied values from com.docker.compose.file or com.docker.compose.envfile are joined with the local cache directory, enabling the attacker to write files outside the intended cache location. This can be triggered even when using read-only commands such as docker compose config or docker compose ps. Exploitation can lead to system compromise, potentially through overwriting binaries like Docker itself or modifying SSH authorized keys for immediate server access.

Recommendations: Upgrade to Docker Compose version 2.40.2 or later to address this issue.

Exploit · Fix · RCE · DoS · Path traversal

Weakness Enumeration

Related Identifiers

BDU:2025-14002
CVE-2025-62725
GHSA-GV8H-7V7W-R22Q
GO-2025-4077
OPENSUSE-SU-2025:15710-1
OPENSUSE-SU-2026:20438-1
SUSE-SU-2026:20656-1
SUSE-SU-2026:20871-1
SUSE-SU-2026:20949-1
SUSE-SU-2026:20976-1

Affected Products

Debian
Docker Compose
Red Os