CVE-2025-62725
Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations in github.com/docker/compose
Description
Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer carries the annotation com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker-supplied value of com.docker.compose.file or com.docker.compose.envfile, respectively, onto its local cache directory and writes the layer's content to the resulting path. Because the value is never checked for traversal, an attacker can escape the cache directory and overwrite arbitrary files on the machine running docker compose, even when the user only runs read-only commands such as docker compose config or docker compose ps. Any platform or workflow that resolves remote OCI compose artifacts is exposed: Docker Desktop, standalone Compose binaries on Linux, CI/CD runners and cloud development environments are all affected. This issue is fixed in v2.40.2.
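The following Go sketch is an added illustration, not Compose's own code: it models the join-and-trust behaviour the description attributes to versions before v2.40.2 beside a confined variant that keeps writes inside the cache directory. The Layer type, the function names, the cache path and the sample annotation values are constructed for the example; only the three annotation keys are taken from the advisory text.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// Annotation keys named in the advisory.
const (
	annExtends = "com.docker.compose.extends"
	annFile    = "com.docker.compose.file"
	annEnvFile = "com.docker.compose.envfile"
)

// Layer is a minimal stand-in for an OCI layer descriptor (hypothetical type,
// not Compose's own): only the annotations matter for this example.
type Layer struct {
	Annotations map[string]string
}

// annotatedPath returns the remote-controlled path as the advisory describes it:
// an extends layer carries it in com.docker.compose.file, an envfile layer in
// com.docker.compose.envfile. Returns "" when the layer is neither.
func annotatedPath(l Layer) string {
	if _, ok := l.Annotations[annExtends]; ok {
		return l.Annotations[annFile]
	}
	if p, ok := l.Annotations[annEnvFile]; ok {
		return p
	}
	return ""
}

// vulnerableTarget models the pre-2.40.2 behaviour: join the annotation value
// onto the cache directory and trust the result. filepath.Join cleans the
// path, so ".." segments climb out of cacheDir instead of failing.
func vulnerableTarget(cacheDir string, l Layer) string {
	return filepath.Join(cacheDir, annotatedPath(l))
}

// safeTarget confines the write to cacheDir: it rejects empty and absolute
// values, NUL bytes, and any value whose cleaned form is not strictly below
// cacheDir. It does not resolve symlinks; a production check must also make
// sure no component of the cache path is a symlink an attacker could plant.
func safeTarget(cacheDir string, l Layer) (string, error) {
	name := annotatedPath(l)
	if name == "" {
		return "", errors.New("layer carries no compose file annotation")
	}
	if filepath.IsAbs(name) || strings.ContainsRune(name, 0) {
		return "", fmt.Errorf("rejecting annotation path %q", name)
	}
	dst := filepath.Join(cacheDir, name)
	rel, err := filepath.Rel(cacheDir, dst)
	if err != nil || rel == "." || rel == ".." ||
		strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("annotation path %q escapes %s", name, cacheDir)
	}
	return dst, nil
}

func main() {
	// Constructed cache location and layers; the second layer is hostile.
	cacheDir := "/home/dev/.cache/docker-compose/sha256-abc"
	layers := []Layer{
		{Annotations: map[string]string{annExtends: "true", annFile: "common.yaml"}},
		{Annotations: map[string]string{annEnvFile: "../../../.bashrc"}},
	}
	for _, l := range layers {
		fmt.Printf("vulnerable: %s\n", vulnerableTarget(cacheDir, l))
		if dst, err := safeTarget(cacheDir, l); err != nil {
			fmt.Printf("hardened:   rejected (%v)\n", err)
		} else {
			fmt.Printf("hardened:   %s\n", dst)
		}
	}
}
```

With the constructed cache path, the hostile envfile annotation resolves to /home/dev/.bashrc under the vulnerable join, which is exactly the kind of overwrite a victim would trigger by pointing docker compose config at the artifact; the hardened variant rejects it while still accepting an ordinary relative file name.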
How to fix CVE-2025-62725
To fix CVE-2025-62725, upgrade the affected packages to the patched versions listed below. You can confirm the installed version with docker compose version.
- No patched version listed
- No patched version listed
- Upgrade to 2.40.2 or later
- Upgrade to 2.40.2 or later
Is CVE-2025-62725 being exploited?
Low: the EPSS score is 0.0%, and no large-scale exploitation activity has been observed so far. Note that the CVSS vector below requires user interaction (UI:A): a victim has to resolve a malicious OCI compose artifact for the overwrite to happen.
Affected packages (4)
- from 0
- from 0
- >= 2.34.0, < 2.40.2
- from 0, < 2.40.2
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H |