
CVE-2025-62725: Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations

CVSS Score: N/A

Basic Information

EPSS Score: -
Published: 10/27/2025
Updated: 10/27/2025
KEV Status: No
Technology: Go

Technical Details

CVSS Vector: -

Package Name                 | Ecosystem | Vulnerable Versions | First Patched Version
github.com/docker/compose/v2 | go        | < 2.40.2            | 2.40.2

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The vulnerability lies in Docker Compose's handling of file paths taken from OCI artifact annotations: the paths are used without sanitization, which allows path traversal. Analysis of the provided patch 69bcb962bfb2ea53b41aa925333d356b577d6176 pinpoints two primary vulnerable functions in pkg/remote/oci.go.

First, remote.ociRemoteLoader.pullComposeFiles was identified as vulnerable. This function, when processing a layer with a com.docker.compose.extends annotation, would unsafely use the value from the com.docker.compose.file annotation to construct a file path. This lack of sanitization created a path traversal flaw. The patch mitigates this by removing the vulnerable file creation logic.

Second, the remote.writeEnvFile function was also found to be vulnerable. It directly used the file path from the com.docker.compose.envfile annotation to create a file, without any validation. This allowed for a similar path traversal attack. The fix involves adding a call to a new validatePathInBase function, which ensures the path from the annotation is safe before any file operations are performed.

The core of the vulnerability is the failure to validate user-controllable input (the file paths in the annotations). An attacker could exploit this by creating a malicious OCI artifact with path traversal sequences (../) in the annotations. This would cause Docker Compose to write files outside of the intended cache directory, which could be leveraged for arbitrary code execution or other forms of system compromise. The functions remote.ociRemoteLoader.pullComposeFiles and remote.writeEnvFile are the precise locations where this insecure processing of malicious input occurred.

Vulnerable functions

remote.ociRemoteLoader.pullComposeFiles (pkg/remote/oci.go)
The function `pullComposeFiles` was vulnerable to path traversal. When processing an OCI artifact layer with the `com.docker.compose.extends` annotation, it would use the value of the `com.docker.compose.file` annotation to construct a file path. This path was not validated, allowing an attacker to write a file outside of the intended cache directory by crafting a malicious path in the `com.docker.compose.file` annotation (e.g., `../../../../tmp/pwned`).

remote.writeEnvFile (pkg/remote/oci.go)
The function `writeEnvFile` was vulnerable to path traversal. It retrieves a file path from the `com.docker.compose.envfile` annotation of an OCI artifact layer and uses it to create a file. The path was not validated, allowing an attacker to write an environment file to an arbitrary location on the filesystem by providing a malicious path like `../../../../etc/profile.d/attack.sh`.
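To make the root cause and the fix concrete, here is an added Go example (not Compose's code) contrasting the unchecked join used by both functions above with a containment check in the role the page gives `validatePathInBase`; the cache path and the annotation values are constructed samples, the two traversal strings being the ones quoted on this page, and the function names are assumptions of this example:

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrOutsideBase is returned when an annotation-supplied path would resolve
// outside the artifact cache directory.
var ErrOutsideBase = errors.New("annotation path escapes the cache directory")

// unsafeTarget is the vulnerable pattern: the annotation value is joined onto
// the cache directory with no check, so "../" segments walk out of it.
func unsafeTarget(cacheDir, annotated string) string {
	return filepath.Join(cacheDir, annotated)
}

// safeTarget is a hypothetical containment check standing in for the patch's
// validatePathInBase (it is not Compose's implementation). It resolves the
// joined path and rejects anything that does not stay under cacheDir.
// It does not resolve symlinks; that is a separate concern.
func safeTarget(cacheDir, annotated string) (string, error) {
	base, err := filepath.Abs(cacheDir)
	if err != nil {
		return "", err
	}
	target := filepath.Join(base, annotated) // Join also cleans ".." segments
	rel, err := filepath.Rel(base, target)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideBase
	}
	return target, nil
}

func main() {
	cacheDir := "/var/cache/compose/artifact" // constructed sample cache path
	// Constructed annotation values: one benign, two from the page's examples.
	for _, v := range []string{"compose.yaml", "../../../../tmp/pwned", "../../../../etc/profile.d/attack.sh"} {
		target, err := safeTarget(cacheDir, v)
		fmt.Printf("%-38s unsafe=%-28s checked=%q err=%v\n", v, unsafeTarget(cacheDir, v), target, err)
	}
}
```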

WAF Protection Rules

WAF Rule

Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker-supplied value from com.docker.compose.fil
