A critical path traversal vulnerability discovered in Docker Compose has exposed millions of deployments to arbitrary file write attacks.
Tracked as CVE-2025-62725, the flaw enables attackers to write files anywhere on host systems through specially crafted OCI artifacts, potentially leading to complete system compromise without users ever launching containers.
The vulnerability was identified in early October 2025 and carries a high CVSS 3.1 score of 8.9, affecting all Docker Compose versions prior to v2.40.2.
From development environments to enterprise CI/CD pipelines and cloud infrastructure, the scope of potential targets is vast, making immediate patching essential for organizations relying on Docker Compose.
How the Vulnerability Exploits OCI Artifacts
Docker Compose recently introduced support for OCI-based Compose artifacts, allowing developers to fetch and include Compose files from remote registries to improve portability and streamline workflows.
However, this feature introduced a dangerous validation gap that attackers have quickly learned to exploit.
When Compose processes remote OCI layers, it trusts annotations that specify where downloaded files should be written to disk without properly validating these paths.
An attacker can craft malicious annotations containing path traversal sequences that escape the intended cache directory entirely, enabling files to be written to arbitrary locations on the host system where the Compose process has write permissions.
The vulnerable code failed to normalize or validate paths before writing them to disk. This means attackers could inject annotations directing Compose to write files into sensitive system locations, including SSH directories, configuration folders, and other critical areas.
The proof-of-concept demonstrated by Imperva shows how an attacker could inject an SSH public key into the target system’s authorized_keys file, granting immediate remote access to the compromised host.
Silent Exploitation Without Container Execution
What makes this vulnerability particularly dangerous is that attackers don’t need users to explicitly start containers to trigger the flaw.
Seemingly harmless commands like `docker compose ps` or `docker compose config` force Compose to fetch and reconstruct remote OCI artifacts, automatically processing untrusted content without user awareness.
An attacker needs only to trick a victim into running any Compose command in a directory containing a malicious `docker-compose.yaml` file to trigger the vulnerability.
This silent exploitation mechanism eliminates the typical warning signs users might expect from running untrusted containers, making the attack vector exceptionally effective and difficult to detect without proper security monitoring.
Docker released Docker Compose v2.40.2; this and later versions introduce proper path validation.
The fix normalizes and validates all annotation-derived paths before writing them to disk, rejecting any paths that resolve outside the cache directory or contain absolute paths.
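To make the validation gap and the described fix concrete, the following is an added illustration in Go (the language Compose is written in); it is not Compose's own code. `naiveTarget` shows where an unvalidated annotation path would land, and `safeTarget` applies the checks the article attributes to v2.40.2. The cache directory and annotation strings are constructed samples.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrUnsafePath is returned when an annotation-derived path is absolute or
// would resolve outside the cache directory.
var ErrUnsafePath = errors.New("annotation path escapes cache directory")

// naiveTarget mirrors the pre-fix behaviour described in the article: the
// annotation value is appended to the cache directory with no normalization
// or containment check. filepath.Clean shows where the OS would resolve it.
func naiveTarget(cacheDir, annotation string) string {
	return filepath.Clean(cacheDir + string(filepath.Separator) + annotation)
}

// safeTarget is a hypothetical hardened version: reject absolute paths,
// normalize the joined path, and require that it stays inside cacheDir.
// The containment test uses filepath.Rel rather than a string prefix so a
// sibling such as "/cache2" is not mistaken for "/cache". The check is
// lexical only; a cache that may contain symlinks also needs EvalSymlinks.
func safeTarget(cacheDir, annotation string) (string, error) {
	if annotation == "" || filepath.IsAbs(annotation) {
		return "", ErrUnsafePath
	}
	root := filepath.Clean(cacheDir)
	target := filepath.Join(root, annotation) // Join cleans ".." segments
	rel, err := filepath.Rel(root, target)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrUnsafePath
	}
	return target, nil
}

func main() {
	// Constructed sample annotations: one benign, one with traversal, one absolute.
	for _, a := range []string{"layers/compose.yaml", "../../root/.ssh/authorized_keys", "/etc/passwd"} {
		fmt.Printf("naive: %-40s -> %s\n", a, naiveTarget("/cache", a))
		if t, err := safeTarget("/cache", a); err != nil {
			fmt.Printf("safe:  %-40s -> rejected (%v)\n", a, err)
		} else {
			fmt.Printf("safe:  %-40s -> %s\n", a, t)
		}
	}
}
```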
Organizations using Docker Compose must upgrade immediately to prevent potential exploitation and system compromise.
| CVE ID | Component | Vulnerability Type | CVSS 3.1 Score | Affected Versions | Patched Version |
|---|---|---|---|---|---|
| CVE-2025-62725 | Docker Compose OCI Artifacts | Path Traversal / Arbitrary File Write | 8.9 (High) | Prior to v2.40.2 | v2.40.2 and later |