Summary
| Item | Details |
|---|---|
| Vulnerability Name | Path Traversal in Docker Compose OCI Artifacts (CVE-2025-62725) |
| Released on | October 30, 2025 |
| Affected Component | Docker Compose |
| Affected Version | Docker Compose < 2.40.2 |
| Vulnerability Type | Path traversal |
| Exploitation Condition | 1. User authentication: not required. 2. Preconditions: default configurations. 3. Trigger mode: remote. |
| Impact | Exploitation difficulty: medium; exploitation requires a Docker Compose command to be run against a crafted artifact. Severity: high-risk. This vulnerability can result in arbitrary file writes on the target system. |
| Official Solution | Available |
About the Vulnerability
Component Introduction
Docker Compose is an official Docker tool for defining, starting, and managing multi-container applications through a single configuration file, which simplifies development, testing, and deployment. A single YAML file declares services, networks, volumes, and other resources, and users manage the lifecycle of the whole application stack with one command.
Vulnerability Description
On October 30, 2025, Sangfor FarSight Labs received notification of the path traversal vulnerability in Docker Compose (CVE-2025-62725), classified as high-risk in threat level.
Specifically, Docker Compose contains a path traversal vulnerability caused by inadequate validation of remote Open Container Initiative (OCI) artifacts. An unauthenticated attacker can craft a malicious OCI artifact and convince a victim to run a Docker Compose command that references it (including read-only commands) to trigger the vulnerability. Successful exploitation lets the attacker write files to arbitrary locations on the target system, which can lead to full server compromise.
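The defect described above is the classic shape of a path traversal bug: a file name that arrives from an untrusted source (here, a remote OCI artifact) is joined onto a local directory and written without first confirming that the result still lies inside that directory. The following Go program is an added illustration of the containment check such tooling should perform; it is not Docker Compose's own code or its fix, and the root directory `/srv/project`, the `SafeJoin` and `CheckArtifactPaths` helpers and the sample file names are all constructed for this example.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrOutsideRoot marks a path that would land outside the destination directory.
var ErrOutsideRoot = errors.New("artifact path escapes the destination directory")

// SafeJoin takes the directory the tool intends to write into and a file name
// taken from an untrusted remote artifact, and returns the absolute destination
// only if it stays inside root. Absolute paths, Windows drive paths and any ".."
// sequence that climbs above root are rejected.
// Hypothetical helper for illustration; not Docker Compose's own code.
func SafeJoin(root, untrusted string) (string, error) {
	if untrusted == "" {
		return "", errors.New("empty artifact path")
	}
	// Treat backslashes as separators so "..\.." cannot pass the check on a
	// Unix host and later be interpreted as traversal by Windows tooling.
	normalized := strings.ReplaceAll(untrusted, `\`, "/")
	// Conservatively reject anything that looks absolute, including "C:" drives.
	if strings.HasPrefix(normalized, "/") || filepath.IsAbs(normalized) ||
		(len(normalized) >= 2 && normalized[1] == ':') {
		return "", fmt.Errorf("%w: absolute path %q", ErrOutsideRoot, untrusted)
	}
	absRoot, err := filepath.Abs(root)
	if err != nil {
		return "", err
	}
	// Join cleans the result, so "a/../../x" collapses before the comparison.
	candidate := filepath.Join(absRoot, filepath.FromSlash(normalized))
	rel, err := filepath.Rel(absRoot, candidate)
	if err != nil {
		return "", err
	}
	// "." means the path resolves to root itself, ".." or "../..." means it
	// climbed above root; only a strictly nested relative path is accepted.
	if rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("%w: %q resolves to %q", ErrOutsideRoot, untrusted, candidate)
	}
	return candidate, nil
}

// CheckArtifactPaths runs SafeJoin over every file name an artifact supplies
// and returns accepted destinations and rejected inputs separately, so the
// caller can refuse the whole artifact as soon as anything is rejected.
func CheckArtifactPaths(root string, names []string) (accepted []string, rejected []string) {
	for _, n := range names {
		dest, err := SafeJoin(root, n)
		if err != nil {
			rejected = append(rejected, n)
			continue
		}
		accepted = append(accepted, dest)
	}
	return accepted, rejected
}

func main() {
	// Constructed sample: file names as a remote artifact might carry them.
	// Only the first two are legitimate project-relative names.
	sample := []string{
		"compose.yaml",
		"overrides/compose.prod.yaml",
		"../../outside.yaml",
		"/absolute.yaml",
		`..\..\outside.yaml`,
		"a/../..",
	}
	ok, bad := CheckArtifactPaths("/srv/project", sample)
	for _, p := range ok {
		fmt.Println("accept:", p)
	}
	for _, p := range bad {
		fmt.Println("reject:", p)
	}
	if len(bad) > 0 {
		fmt.Println("artifact refused: it contains paths that escape the project directory")
	}
}
```

The check is purely lexical (cleaning and a `filepath.Rel` comparison), which is enough to stop `..` and absolute-path traversal; a tool that also follows symlinks inside the destination directory would additionally need to resolve the final path with `filepath.EvalSymlinks` before writing.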
Affected Versions
The following Docker Compose versions are affected:
Docker Compose < 2.40.2
Solutions
Remediation Solutions
Temporary Solution
Do not run Docker Compose commands that reference unknown OCI artifacts.
Official Solution
Docker has released version 2.40.2, which fixes the vulnerability. Affected users are advised to update Docker Compose to 2.40.2 or later.
Download link: https://github.com/docker/compose/releases
Sangfor Solutions
Vulnerability Detection
The following Sangfor products can proactively detect CVE-2025-62725 and quickly identify affected assets at scale in production environments:
- Athena Managed Detection and Response (MDR): The corresponding detection solution will be released on November 20, 2025. The rule ID is SF-0005-21061.
- Athena Extended Detection and Response (XDR): The corresponding detection solution will be released on November 02, 2025. The rule ID is SF-2025-02113.
Timeline
On October 30, 2025, Sangfor FarSight Labs received notification of the path traversal vulnerability in Docker Compose (CVE-2025-62725).
On October 30, 2025, Sangfor FarSight Labs released a vulnerability alert.
References
https://github.com/docker/compose/security/advisories/GHSA-gv8h-7v7w-r22q
Learn More
Sangfor FarSight Labs researches the latest cyber threats and unknown zero-day vulnerabilities, alerting customers to potential dangers to their organizations, and providing real-time solutions with actionable intelligence. Sangfor FarSight Labs works with other security vendors and the security community at large to identify and verify global cyber threats, providing fast and easy protection for customers.