CVE-2025-62725
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-62725, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-10-27

Last updated on: 2025-10-30

Assigner: GitHub, Inc.

Description

Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cache directory and writes the file there. This affects any platform or workflow that resolves remote OCI compose artifacts, Docker Desktop, standalone Compose binaries on Linux, CI/CD runners, cloud dev environments is affected. An attacker can escape the cache directory and overwrite arbitrary files on the machine running docker compose, even if the user only runs read‑only commands such as docker compose config or docker compose ps. This issue is fixed in v2.40.2.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-10-27
Last Modified
2025-10-30
Generated
2026-07-06
AI Q&A
2025-10-27
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
docker compose 2.40.2

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability in Docker Compose involves trusting path information embedded in remote OCI compose artifacts. When certain annotations like com.docker.compose.extends or com.docker.compose.envfile are present, Docker Compose combines attacker-supplied values with its local cache directory and writes files there. This allows an attacker to escape the cache directory and overwrite arbitrary files on the machine running Docker Compose, even when running read-only commands.

Impact Analysis

An attacker exploiting this vulnerability can overwrite arbitrary files on the host machine running Docker Compose. This can lead to unauthorized modification of files, potential system compromise, data corruption, or disruption of services, even if the user only runs read-only Docker Compose commands.

Mitigation Strategies

Update Docker Compose to version 2.40.2 or later, as this version contains the fix for the vulnerability. Avoid using untrusted remote OCI compose artifacts until the update is applied.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-62725. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart