{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-62725", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-10-20T19:41:22.742Z", "datePublished": "2025-10-27T20:37:32.340Z", "dateUpdated": "2025-10-28T14:47:42.196Z"}, "containers": {"cna": {"title": "Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "baseScore": 8.9, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "version": "4.0"}}], "references": [{"name": "https://github.com/docker/compose/security/advisories/GHSA-gv8h-7v7w-r22q", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/docker/compose/security/advisories/GHSA-gv8h-7v7w-r22q"}, {"name": "https://github.com/docker/compose/commit/69bcb962bfb2ea53b41aa925333d356b577d6176", "tags": ["x_refsource_MISC"], "url": "https://github.com/docker/compose/commit/69bcb962bfb2ea53b41aa925333d356b577d6176"}], "affected": [{"vendor": "docker", "product": "compose", "versions": [{"version": "< 2.40.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-10-27T20:37:32.340Z"}, "descriptions": [{"lang": "en", "value": "Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker\u2011supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cache directory and writes the file there. This affects any platform or workflow that resolves remote OCI compose artifacts, Docker Desktop, standalone Compose binaries on Linux, CI/CD runners, cloud dev environments is affected. An attacker can escape the cache directory and overwrite arbitrary files on the machine running docker compose, even if the user only runs read\u2011only commands such as docker compose config or docker compose ps. This issue is fixed in v2.40.2."}], "source": {"advisory": "GHSA-gv8h-7v7w-r22q", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-28T14:47:30.993646Z", "id": "CVE-2025-62725", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-28T14:47:42.196Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-62725", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-10-28T14:47:30.993646Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-28T14:47:35.348Z"}}], "cna": {"title": "Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations", "source": {"advisory": "GHSA-gv8h-7v7w-r22q", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.9, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH"}}], "affected": [{"vendor": "docker", "product": "compose", "versions": [{"status": "affected", "version": "< 2.40.2"}]}], "references": [{"url": "https://github.com/docker/compose/security/advisories/GHSA-gv8h-7v7w-r22q", "name": "https://github.com/docker/compose/security/advisories/GHSA-gv8h-7v7w-r22q", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/docker/compose/commit/69bcb962bfb2ea53b41aa925333d356b577d6176", "name": "https://github.com/docker/compose/commit/69bcb962bfb2ea53b41aa925333d356b577d6176", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker\u2011supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cache directory and writes the file there. This affects any platform or workflow that resolves remote OCI compose artifacts, Docker Desktop, standalone Compose binaries on Linux, CI/CD runners, cloud dev environments is affected. An attacker can escape the cache directory and overwrite arbitrary files on the machine running docker compose, even if the user only runs read\u2011only commands such as docker compose config or docker compose ps. This issue is fixed in v2.40.2."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-10-27T20:37:32.340Z"}}}, "cveMetadata": {"cveId": "CVE-2025-62725", "state": "PUBLISHED", "dateUpdated": "2025-10-28T14:47:42.196Z", "dateReserved": "2025-10-20T19:41:22.742Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-10-27T20:37:32.340Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker\u2011supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cache directory and writes the file there. This affects any platform or workflow that resolves remote OCI compose artifacts, Docker Desktop, standalone Compose binaries on Linux, CI/CD runners, cloud dev environments is affected. An attacker can escape the cache directory and overwrite arbitrary files on the machine running docker compose, even if the user only runs read\u2011only commands such as docker compose config or docker compose ps. This issue is fixed in v2.40.2."}], "id": "CVE-2025-62725", "lastModified": "2025-10-27T21:15:38.140", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.9, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2025-10-27T21:15:38.140", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/docker/compose/commit/69bcb962bfb2ea53b41aa925333d356b577d6176"}, {"source": "security-advisories@github.com", "url": "https://github.com/docker/compose/security/advisories/GHSA-gv8h-7v7w-r22q"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "docker-compose: Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations", "id": "2406643", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406643"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.0", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-22", "details": ["Docker Compose is vulnerable to a path traversal flaw in how it handles OCI artifact layer annotations. When processing remote OCI compose artifacts, Compose trusts attacker-controlled annotation fields such as com.docker.compose.extends and com.docker.compose.envfile. This allows a crafted artifact to escape the cache directory and overwrite arbitrary files on the host system, potentially leading to compromise of system integrity."], "mitigation": {"lang": "en:us", "value": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.\nThe risk can be reduced by avoiding the use of untrusted or third-party OCI compose artifacts and only sourcing artifacts from verified and trusted registries. Users should also restrict network access to prevent accidental retrieval of malicious remote artifacts and run Docker Compose commands only within controlled and isolated environments."}, "name": "CVE-2025-62725", "package_state": [{"cpe": "cpe:/a:redhat:rhdh:1", "fix_state": "Affected", "package_name": "rhdh/rhdh-hub-rhel9", "product_name": "Red Hat Developer Hub"}], "public_date": "2025-10-27T20:37:32Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-62725\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-62725\nhttps://github.com/docker/compose/commit/69bcb962bfb2ea53b41aa925333d356b577d6176\nhttps://github.com/docker/compose/security/advisories/GHSA-gv8h-7v7w-r22q"], "statement": "This vulnerability is considered Important rather than Moderate because it enables an attacker to perform arbitrary file overwrite on the host system through a simple path traversal attack vector, even when the user executes seemingly safe, read-only Docker Compose commands such as docker compose ps or docker compose config. The issue arises from improper validation of attacker-controlled OCI annotation values, allowing malicious paths to break out of the intended cache directory. While user interaction is required, the potential impact on system confidentiality, integrity, and availability is significant\u2014modified configuration files, environment files, or scripts could lead to privilege escalation or further code execution.", "threat_severity": "Important"}