The Docker Compose project has disclosed a high-severity path traversal vulnerability tracked as CVE-2025-62725 (CVSS v4 8.9), which affects users across Docker Desktop, standalone Compose binaries, CI/CD pipelines, and cloud development environments.
According to the advisory, “Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker-supplied value from com.docker.compose.file or com.docker.compose.envfile with its local cache directory and writes the file there.”
This design flaw enables a path traversal attack, allowing malicious actors to escape the Compose cache directory and overwrite arbitrary files on the host system.
The advisory highlights that the impact is broad and critical, affecting “any platform or workflow that resolves remote OCI compose artifacts.” In practice, this includes Docker Desktop installations, Linux-based standalone Compose binaries, continuous integration runners, and cloud developer sandboxes.
Worryingly, exploitation does not require building or running a container. The vulnerability can be triggered through read-only commands such as docker compose config or docker compose ps, which are commonly executed during configuration validation or CI linting.
As the project maintainers warn, “An attacker can escape the cache directory and overwrite arbitrary files on the machine running docker compose, even if the user only runs read only commands such as docker compose config or docker compose ps.”
This means developers or automation pipelines that process untrusted OCI Compose files—for example, from remote registries or third-party sources—are at significant risk.
The root cause lies in how Docker Compose handles OCI artifact layers and their annotations. OCI (Open Container Initiative) artifacts allow Compose files to be distributed and versioned remotely.
However, Docker Compose versions prior to v2.40.2 implicitly trusted annotation values within these layers—particularly those using the keys com.docker.compose.extends and com.docker.compose.envfile. By injecting malicious relative paths (e.g., ../../../../../etc/passwd), an attacker could trick Compose into writing outside its intended cache directory, thereby overwriting system files or sensitive configuration data.
Docker has released a patch addressing the vulnerability in Docker Compose v2.40.2, which introduces stricter validation and sanitization of annotation paths.
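The unsafe join the advisory describes, placed beside a hardened variant that refuses any annotation value resolving outside the cache directory. This is an added illustration, not code from the Compose project or its patch; the function names, the cache directory and the annotation values are constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrEscapesCache is returned when an annotation value would resolve
// outside the Compose cache directory.
var ErrEscapesCache = errors.New("annotation path escapes cache directory")

// unsafeCachePath mirrors the pre-v2.40.2 pattern from the advisory: the
// attacker-controlled annotation value is joined to the cache directory
// as-is, so "../" sequences walk out of it (hypothetical reconstruction).
func unsafeCachePath(cacheDir, annotationValue string) string {
	return filepath.Join(cacheDir, annotationValue)
}

// safeCachePath is a hypothetical hardening: it rejects empty and absolute
// values, cleans the joined path, and checks that the result is still a
// strict descendant of cacheDir before it may be used as a write target.
func safeCachePath(cacheDir, annotationValue string) (string, error) {
	if annotationValue == "" || filepath.IsAbs(annotationValue) {
		return "", ErrEscapesCache
	}
	base := filepath.Clean(cacheDir)
	target := filepath.Join(base, annotationValue) // Join also cleans
	rel, err := filepath.Rel(base, target)
	if err != nil {
		return "", ErrEscapesCache
	}
	// "." means the cache dir itself; ".." or "../x" means it escaped.
	if rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrEscapesCache
	}
	return target, nil
}

func main() {
	cache := "/home/dev/.cache/docker-compose" // constructed example path
	traversal := "../../../../../etc/passwd"   // value from the article's example
	fmt.Println("unsafe:", unsafeCachePath(cache, traversal))
	_, err := safeCachePath(cache, traversal)
	fmt.Println("safe:", err)
	ok, _ := safeCachePath(cache, "extends/base.yaml")
	fmt.Println("safe:", ok)
}
```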