Docker Compose Vulnerability Allows Attackers to Overwrite Arbitrary Files

Posted: Wed Oct 29, 2025 12:54 pm
by Shane1145
A critical path traversal vulnerability discovered in Docker Compose has exposed millions of deployments to arbitrary file write attacks.

Tracked as CVE-2025-62725, the flaw enables attackers to write files anywhere on host systems through specially crafted OCI artifacts, potentially leading to complete system compromise without users ever launching containers.

The vulnerability was identified in early October 2025 and carries a high CVSS 3.1 score of 8.9, affecting all Docker Compose versions prior to v2.40.2.


https://cyberpress.org/docker-compose-v ... ary-files/
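
A host-side check for the affected range stated in the post (all versions prior to v2.40.2), added here as an example and not part of the original post. The function names are hypothetical; it assumes `docker compose version --short` prints the bare version string, and it ignores pre-release or vendor suffixes when comparing.

```shell
#!/bin/sh
# Added example: classify a Docker Compose version against the fixed
# release named in the post (v2.40.2, CVE-2025-62725).
FIXED_VERSION="2.40.2"

# normalize_version: drop a leading "v" and anything after the numeric
# core, e.g. "v2.39.1-desktop.1" -> "2.39.1".
normalize_version() {
    printf '%s\n' "$1" | sed -e 's/^[vV]//' -e 's/[^0-9.].*$//'
}

# version_lt A B: succeed when A < B, comparing MAJOR.MINOR.PATCH as
# numbers (so 2.9.10 < 2.40.2, which a string comparison gets wrong).
version_lt() {
    a="$(normalize_version "$1").0.0"   # pad so fields 1-3 always exist
    b="$(normalize_version "$2").0.0"
    for i in 1 2 3; do
        x=$(printf '%s\n' "$a" | cut -d. -f"$i")
        y=$(printf '%s\n' "$b" | cut -d. -f"$i")
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 1; fi
    done
    return 1                            # equal is not "less than"
}

# compose_status VERSION: print "vulnerable", "patched" or "unknown".
compose_status() {
    core=$(normalize_version "$1")
    case "$core" in
        [0-9]*) ;;
        *) echo "unknown"; return 0 ;;  # unparseable input: do not guess
    esac
    if version_lt "$core" "$FIXED_VERSION"; then
        echo "vulnerable"
    else
        echo "patched"
    fi
}

# check_installed_compose: classify the Compose plugin on this host.
check_installed_compose() {
    v=$(docker compose version --short 2>/dev/null) || { echo "unknown"; return 0; }
    compose_status "$v"
}

# Query the local install only when asked: sh check.sh --host
if [ "${1:-}" = "--host" ]; then check_installed_compose; fi
```

An `unknown` result means the version string could not be read or parsed and should be treated as needing a manual check.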