CVE-2025-62725
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-27

Last updated on: 2025-10-30

Assigner: GitHub, Inc.

Description
Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cache directory and writes the file there. This affects any platform or workflow that resolves remote OCI compose artifacts, Docker Desktop, standalone Compose binaries on Linux, CI/CD runners, cloud dev environments is affected. An attacker can escape the cache directory and overwrite arbitrary files on the machine running docker compose, even if the user only runs read‑only commands such as docker compose config or docker compose ps. This issue is fixed in v2.40.2.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-27
Last Modified
2025-10-30
Generated
2026-06-16
AI Q&A
2025-10-27
EPSS Evaluated
2026-06-15
NVD
CVE-2025-62725
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
docker compose 2.40.2
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in Docker Compose involves trusting path information embedded in remote OCI compose artifacts. When certain annotations like com.docker.compose.extends or com.docker.compose.envfile are present, Docker Compose combines attacker-supplied values with its local cache directory and writes files there. This allows an attacker to escape the cache directory and overwrite arbitrary files on the machine running Docker Compose, even when running read-only commands.

Impact Analysis

An attacker exploiting this vulnerability can overwrite arbitrary files on the host machine running Docker Compose. This can lead to unauthorized modification of files, potential system compromise, data corruption, or disruption of services, even if the user only runs read-only Docker Compose commands.

Mitigation Strategies

Update Docker Compose to version 2.40.2 or later, as this version contains the fix for the vulnerability. Avoid using untrusted remote OCI compose artifacts until the update is applied.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-62725. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart