N/A

CVSS Score

-

CVSS Score

Basic Information

CVE ID

CVE-2025-62725

GHSA ID

GHSA-gv8h-7v7w-r22q

EPSS Score

CWE

CWE-20

Published

10/27/2025

Updated

10/27/2025

KEV Status

Technology

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-62725

CVE-2025-62725: Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations

Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cache directory and writes the file there.

Impact

This affects any platform or workflow that resolves remote OCI compose artifacts, Docker Desktop, standalone Compose binaries on Linux, CI/CD runners, cloud dev environments is affected. An attacker can escape the cache directory and overwrite arbitrary files on the machine running docker compose, even if the user only runs read‑only commands such as docker compose config or docker compose ps.

Patches

v2.40.2

Workarounds

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2025-62725

CVE-2025-62725:

N/A

CVSS Score

-

CVSS Score

Basic Information

CVE ID

CVE-2025-62725

GHSA ID

GHSA-gv8h-7v7w-r22q

EPSS Score

CWE

CWE-20

Published

10/27/2025

Updated

10/27/2025

KEV Status

Technology

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
github.com/docker/compose/v2	go	< 2.40.2	2.40.2

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability lies in Docker Compose's handling of file paths from OCI artifact annotations, leading to a path traversal vulnerability. The analysis of the provided patch 69bcb962bfb2ea53b41aa925333d356b577d6176 pinpoints two primary vulnerable functions in pkg/remote/oci.go.

First, remote.ociRemoteLoader.pullComposeFiles was identified as vulnerable. This function, when processing a layer with a com.docker.compose.extends annotation, would unsafely use the value from the com.docker.compose.file annotation to construct a file path. This lack of sanitization created a path traversal flaw. The patch mitigates this by removing the vulnerable file creation logic.

Second, the remote.writeEnvFile function was also found to be vulnerable. It directly used the file path from the com.docker.compose.envfile annotation to create a file, without any validation. This allowed for a similar path traversal attack. The fix involves adding a call to a new validatePathInBase function, which ensures the path from the annotation is safe before any file operations are performed.

The core of the vulnerability is the failure to validate user-controllable input (the file paths in the annotations). An attacker could exploit this by creating a malicious OCI artifact with path traversal sequences (../) in the annotations. This would cause Docker Compose to write files outside of the intended cache directory, which could be leveraged for arbitrary code execution or other forms of system compromise. The functions remote.ociRemoteLoader.pullComposeFiles and remote.writeEnvFile are the precise locations where this insecure processing of malicious input occurred.

Vulnerable functions

remote.ociRemoteLoader.pullComposeFiles

pkg/remote/oci.go

The function `pullComposeFiles` was vulnerable to path traversal. When processing an OCI artifact layer with the `com.docker.compose.extends` annotation, it would use the value of the `com.docker.compose.file` annotation to construct a file path. This path was not validated, allowing an attacker to write a file outside of the intended cache directory by crafting a malicious path in the `com.docker.compose.file` annotation (e.g., `../../../../tmp/pwned`).

remote.writeEnvFile

pkg/remote/oci.go

The function `writeEnvFile` was vulnerable to path traversal. It retrieves a file path from the `com.docker.compose.envfile` annotation of an OCI artifact layer and uses it to create a file. The path was not validated, allowing an attacker to write an environment file to an arbitrary location on the filesystem by providing a malicious path like `../../../../etc/profile.d/attack.sh`.

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

N/A

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2025-62725: Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations

Impact

Patches

Workarounds

CVE-2025-62725:

N/A

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Basic Information

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2025-62725: Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations

Impact

Patches

Workarounds

N/A

N/A

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI