Path Traversal Vulnerability in Docker Compose via OCI Artifact Layer Annotations
A high-severity path traversal vulnerability, tracked as CVE-2025-62725, was discovered in Docker Compose's handling of OCI-based Compose artifacts. The flaw lay in how Docker Compose processed layer annotations such as com.docker.compose.file and com.docker.compose.envfile: their values were used as file paths without being validated, which let an attacker escape the intended cache directory and write arbitrary files on the host system. The vulnerability could be triggered by tricking a user into referencing a malicious remote artifact, and it affected a wide range of environments, including Docker Desktop, standalone Compose binaries on Linux, CI/CD runners, and cloud development environments.
The vulnerability was rated High with a CVSS score of 8.9 and could be exploited even through read-only commands such as docker compose config or docker compose ps. The issue was patched in Docker Compose version v2.40.2, and users are strongly advised to upgrade to this version or later to mitigate the risk. The vulnerability was responsibly disclosed, and a detailed technical analysis, including a proof of concept and exploitation scenarios, has been published to help defenders understand and address the issue.
Timeline
Oct 28, 2025
Technical details show read-only commands can trigger host file overwrite
By 2025-10-28, public technical analysis described how CVE-2025-62725 could be triggered through commands such as `docker compose ps` or `docker compose config`, not only when starting containers. A proof of concept demonstrated overwriting `~/.ssh/authorized_keys` to gain SSH access after a victim referenced a crafted remote artifact.
Oct 27, 2025
Security advisory warns of Docker Compose path traversal vulnerability
On 2025-10-27, Docker issued a security advisory for CVE-2025-62725 affecting Docker Compose versions prior to v2.40.2. The advisory warned that OCI artifact layer annotations could be abused for arbitrary file overwrite and urged users to upgrade.
Oct 27, 2025
Docker releases fix for CVE-2025-62725 in Compose v2.40.2
On 2025-10-27, Docker confirmed CVE-2025-62725, a high-severity path traversal flaw in Docker Compose's OCI artifact handling, and released Docker Compose v2.40.2 to address it. The fix added path validation to prevent writes outside the cache directory.
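The defect and the shape of the fix described above, as an added Go example that is not Docker Compose's own code: an unchecked join of an annotation value onto the cache directory beside a hardened version that rejects any path resolving outside it. The cache directory path and the function names are assumptions made for the illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// Layer annotations named in the advisory; Compose used their values as
// file names for the cached compose and env files.
const (
	AnnotationFile    = "com.docker.compose.file"
	AnnotationEnvfile = "com.docker.compose.envfile"
)

var ErrOutsideCache = errors.New("annotation path escapes cache directory")

// unsafeCachePath mirrors the pre-fix behaviour: the annotation value is
// joined onto the cache directory with no check, so a value such as
// "../../.ssh/authorized_keys" resolves to a file outside cacheDir.
func unsafeCachePath(cacheDir, annotation string) string {
	return filepath.Join(cacheDir, annotation)
}

// safeCachePath is a hypothetical hardened counterpart: it resolves the
// target and rejects anything that does not stay under cacheDir.
func safeCachePath(cacheDir, annotation string) (string, error) {
	base := filepath.Clean(cacheDir)
	target := filepath.Join(base, annotation) // Join also collapses ".." segments
	rel, err := filepath.Rel(base, target)
	if err != nil {
		return "", err
	}
	// A relative result of ".." or "../..." means the target climbed above
	// the cache directory, so it must be refused before any write happens.
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideCache
	}
	return target, nil
}

func main() {
	// Constructed annotation values: one benign, one traversal attempt.
	cache := "/home/user/.cache/docker-compose/oci"
	for _, ann := range []string{"compose.yaml", "../../../.ssh/authorized_keys"} {
		p, err := safeCachePath(cache, ann)
		fmt.Printf("%s=%q\n  unchecked: %s\n  validated: %q (err: %v)\n",
			AnnotationFile, ann, unsafeCachePath(cache, ann), p, err)
	}
}
```

The same check applies to the com.docker.compose.envfile annotation; a symlink already present inside the cache directory would need a separate realpath check that this example does not cover.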
Related Stories

Docker Engine AuthZ Bypass Flaw Enables Host Access via Oversized API Requests
Docker disclosed a high-severity Docker Engine vulnerability, **CVE-2026-34040** (`CVSS 8.8`), that allows attackers to bypass authorization plugins and perform actions that should be blocked. The flaw stems from an incomplete fix for **CVE-2024-41110** and is triggered when a specially crafted oversized Docker API request causes the request body to be dropped before inspection by an AuthZ plugin. In affected environments, the plugin may approve container operations it would otherwise deny, opening a path to unauthorized privileged actions and potential host compromise. Researchers said an attacker with Docker API access could exploit the bug by padding a container-creation request beyond **1 MB** to launch a privileged container with access to the host filesystem, exposing sensitive assets such as **AWS credentials**, **SSH keys**, and **Kubernetes configurations**. The issue affects deployments that rely on authorization plugins inspecting request bodies, while environments not using those plugins are not impacted. Docker patched the vulnerability in **Docker Engine 29.3.1** and urged defenders to upgrade, restrict Docker API access, avoid AuthZ plugins that depend on request-body inspection, and use controls such as rootless mode, user namespace remapping, and least-privilege access to reduce risk.
Critical runC Vulnerabilities Enable Full Container Escape and Host Compromise
Security researchers have disclosed three critical vulnerabilities in the runC container runtime, which is widely used in platforms such as Docker and Kubernetes. The flaws, identified as CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881, arise from logic and race-condition errors in runC's handling of temporary bind mounts, symbolic links, and certain write operations. Attackers can exploit these weaknesses to break container isolation, potentially gaining write access to sensitive host system files and kernel interfaces such as `/proc/sys/kernel/core_pattern` or `/proc/sysrq-trigger`, leading to full container escapes and even host-level compromise. The vulnerabilities allow attackers to abuse masked paths, console bind-mounts, and redirected writes, bypassing standard hardening and isolation controls. Exploitation requires either custom mount configurations or the use of untrusted container images, but the risk is significant for orchestrated environments like Docker and Kubernetes. Security advisories from both the runC project and the U.S. National Vulnerability Database urge immediate updates to patched versions or the application of provided patches to mitigate these threats. The vulnerabilities highlight the importance of robust container runtime security and the potential impact of logic flaws in core infrastructure components.
Container Escape Vulnerabilities in runc via /dev/console Mount Races
Multiple vulnerabilities were discovered in *runc*, the container runtime used by Docker, Kubernetes, and other platforms, that allow attackers to escape container isolation. One of the critical flaws, tracked as CVE-2025-52565, arises from insufficient validation during the bind-mounting of `/dev/pts/$n` to `/dev/console` inside containers. Attackers can exploit this race condition to redirect the mount and gain write access to protected files in the procfs, such as `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern`, potentially leading to denial of service or container breakout. The vulnerability affects runc versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, and has been addressed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3. Exploitation of CVE-2025-52565 requires the ability to start containers with custom mount configurations, making environments that run untrusted container images or Dockerfiles particularly vulnerable. No active exploits have been reported as of the disclosure, but security researchers recommend updating to the patched runc versions and monitoring for suspicious container activity. The vulnerability is similar in concept to CVE-2025-31133 but targets a different aspect of the container initialization process, specifically the timing and validation of the `/dev/console` mount before security protections are fully applied.