Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    4 vulnerabilities found for Compose by Docker

    CVE-2025-15558 (GCVE-0-2025-15558)

    Vulnerability from nvd – Published: 2026-03-04 16:14 – Updated: 2026-06-30 12:07
    VLAI
    Title
    Docker Desktop Docker Plugins Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
    Summary
    Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries (docker-compose.exe, docker-buildx.exe, etc.) that are executed when a victim user opens Docker Desktop or invokes Docker CLI plugin features, and allow privilege-escalation if the docker CLI is executed as a privileged user. This issue affects Docker CLI: through 29.1.5 and Windows binaries acting as a CLI-plugin manager using the github.com/docker/cli/cli-plugins/manager https://pkg.go.dev/github.com/docker/cli@v29.1.5+incompatible/cli-plugins/manager  package, such as Docker Compose. This issue does not impact non-Windows binaries, and projects not using the plugin-manager code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    Impacted products
    Vendor Product Version
    Docker Docker CLI Unaffected: 29.2.0 (semver)
    Create a notification for this product.
    Docker Compose Unaffected: 5.1.0 (semver)
    Create a notification for this product.
    Red Hat Assisted Installer for Red Hat OpenShift Container Platform 2     cpe:/a:redhat:assisted_installer:2
    Create a notification for this product.
    Red Hat Builds for Red Hat OpenShift     cpe:/a:redhat:openshift_builds:1
    Create a notification for this product.
    Red Hat Gatekeeper 3     cpe:/a:redhat:gatekeeper:3
    Create a notification for this product.
    Red Hat Kernel Module Management Operator for Red Hat Openshift     cpe:/a:redhat:kernel_module_management:2
    Create a notification for this product.
    Red Hat Machine Deletion Remediation Operator     cpe:/a:redhat:workload_availability_mdr:0
    Create a notification for this product.
    Red Hat Multicluster Engine for Kubernetes     cpe:/a:redhat:multicluster_engine
    Create a notification for this product.
    Red Hat Multicluster Global Hub     cpe:/a:redhat:multicluster_globalhub
    Create a notification for this product.
    Red Hat OpenShift Pipelines     cpe:/a:redhat:openshift_pipelines:1
    Create a notification for this product.
    Red Hat OpenShift Serverless     cpe:/a:redhat:serverless:1
    Create a notification for this product.
    Red Hat OpenShift Service Mesh 2     cpe:/a:redhat:service_mesh:2
    Create a notification for this product.
    Red Hat OpenShift Service Mesh 3     cpe:/a:redhat:service_mesh:3
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Management for Kubernetes 2     cpe:/a:redhat:acm:2
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Security 4     cpe:/a:redhat:advanced_cluster_security:4
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI (RHOAI)     cpe:/a:redhat:openshift_ai
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
    Create a notification for this product.
    Red Hat Red Hat OpenShift Dev Spaces     cpe:/a:redhat:openshift_devspaces:3
    Create a notification for this product.
    Red Hat Red Hat OpenShift for Windows Containers     cpe:/a:redhat:windows_machine_config
    Create a notification for this product.
    Red Hat Red Hat OpenShift GitOps     cpe:/a:redhat:openshift_gitops:1
    Create a notification for this product.
    Red Hat Red Hat OpenShift Virtualization 4     cpe:/a:redhat:container_native_virtualization:4
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 16.2     cpe:/a:redhat:openstack:16.2
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 17.1     cpe:/a:redhat:openstack:17.1
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 18.0     cpe:/a:redhat:openstack:18.0
    Create a notification for this product.
    Red Hat Red Hat Quay 3     cpe:/a:redhat:quay:3
    Create a notification for this product.
    Red Hat Red Hat Trusted Artifact Signer     cpe:/a:redhat:trusted_artifact_signer:1
    Create a notification for this product.
    Red Hat Security Profiles Operator     cpe:/a:redhat:openshift_security_profiles_operator:1
    Create a notification for this product.
    Red Hat Zero Trust Workload Identity Manager     cpe:/a:redhat:zero_trust_workload_identity_manager:1
    Create a notification for this product.
    Red Hat Zero Trust Workload Identity Manager - Tech Preview     cpe:/a:redhat:zero_trust_workload_identity_manager:0
    Create a notification for this product.
    Credits
    Nitesh Surana (niteshsurana.com) of Trend Research of TrendAI
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15558",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-04T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-05T04:55:47.099Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:assisted_installer:2"
                ],
                "defaultStatus": "unaffected",
                "product": "Assisted Installer for Red Hat OpenShift Container Platform 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_builds:1"
                ],
                "defaultStatus": "unaffected",
                "product": "Builds for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:gatekeeper:3"
                ],
                "defaultStatus": "unaffected",
                "product": "Gatekeeper 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:kernel_module_management:2"
                ],
                "defaultStatus": "unaffected",
                "product": "Kernel Module Management Operator for Red Hat Openshift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:workload_availability_mdr:0"
                ],
                "defaultStatus": "unaffected",
                "product": "Machine Deletion Remediation Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_engine"
                ],
                "defaultStatus": "unaffected",
                "product": "Multicluster Engine for Kubernetes",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_globalhub"
                ],
                "defaultStatus": "unaffected",
                "product": "Multicluster Global Hub",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_pipelines:1"
                ],
                "defaultStatus": "unaffected",
                "product": "OpenShift Pipelines",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:serverless:1"
                ],
                "defaultStatus": "unaffected",
                "product": "OpenShift Serverless",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_mesh:2"
                ],
                "defaultStatus": "unaffected",
                "product": "OpenShift Service Mesh 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_mesh:3"
                ],
                "defaultStatus": "unaffected",
                "product": "OpenShift Service Mesh 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:acm:2"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Advanced Cluster Management for Kubernetes 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Advanced Cluster Security 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenShift Container Platform 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_devspaces:3"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenShift Dev Spaces",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:windows_machine_config"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenShift for Windows Containers",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenShift GitOps",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:container_native_virtualization:4"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenShift Virtualization 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openstack:16.2"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenStack Platform 16.2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openstack:17.1"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenStack Platform 17.1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openstack:18.0"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenStack Platform 18.0",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Quay 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:trusted_artifact_signer:1"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Trusted Artifact Signer",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_security_profiles_operator:1"
                ],
                "defaultStatus": "unaffected",
                "product": "Security Profiles Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:zero_trust_workload_identity_manager:1"
                ],
                "defaultStatus": "unaffected",
                "product": "Zero Trust Workload Identity Manager",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:zero_trust_workload_identity_manager:0"
                ],
                "defaultStatus": "unaffected",
                "product": "Zero Trust Workload Identity Manager - Tech Preview",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-03-04T16:14:32.045Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in Docker CLI for Windows. A low-privileged attacker can exploit this vulnerability by creating a specific directory, C:\\ProgramData\\Docker\\cli-plugins, which does not exist by default. By placing malicious plugin binaries in this directory, an attacker can achieve privilege escalation when a victim user opens Docker Desktop or uses Docker CLI plugin features, provided the Docker CLI is executed with elevated privileges."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.3,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-427",
                    "description": "Uncontrolled Search Path Element",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:07:21.534Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2025-15558"
              },
              {
                "name": "RHBZ#2444574",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2444574"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15558.json"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-03-04T17:01:09.062Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-03-04T16:14:32.045Z",
                "value": "Made public."
              }
            ],
            "title": "docker/cli: Docker CLI for Windows: Privilege escalation via malicious plugin binaries",
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows"
              ],
              "product": "Docker CLI",
              "vendor": "Docker",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "29.2.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Compose",
              "vendor": "Docker",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "5.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Nitesh Surana (niteshsurana.com) of Trend Research of TrendAI"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDocker CLI for Windows searches for plugin binaries in \u003ccode\u003eC:\\ProgramData\\Docker\\cli-plugins\u003c/code\u003e, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries (docker-compose.exe, docker-buildx.exe, etc.) that are executed when a victim user opens Docker Desktop or invokes Docker CLI plugin features, and allow privilege-escalation if the \u003ccode\u003edocker\u003c/code\u003e\u0026nbsp;CLI is executed as a privileged user.\u003c/p\u003e\u003cp\u003eThis issue affects Docker CLI: through 29.1.5 and Windows binaries acting as a CLI-plugin manager using the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://pkg.go.dev/github.com/docker/cli@v29.1.5+incompatible/cli-plugins/manager\"\u003e\u003ccode\u003egithub.com/docker/cli/cli-plugins/manager\u003c/code\u003e\u003c/a\u003e\u0026nbsp;package, such as Docker Compose.\u003c/p\u003e\u003cp\u003eThis issue does not impact non-Windows binaries, and projects not using the plugin-manager code.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "Docker CLI for Windows searches for plugin binaries in C:\\ProgramData\\Docker\\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries (docker-compose.exe, docker-buildx.exe, etc.) that are executed when a victim user opens Docker Desktop or invokes Docker CLI plugin features, and allow privilege-escalation if the docker\u00a0CLI is executed as a privileged user.\n\nThis issue affects Docker CLI: through 29.1.5 and Windows binaries acting as a CLI-plugin manager using the  github.com/docker/cli/cli-plugins/manager https://pkg.go.dev/github.com/docker/cli@v29.1.5+incompatible/cli-plugins/manager \u00a0package, such as Docker Compose.\n\nThis issue does not impact non-Windows binaries, and projects not using the plugin-manager code."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-38",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-38 Leveraging/Manipulating Configuration File Search Paths"
                }
              ]
            },
            {
              "capecId": "CAPEC-471",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-471 Search Order Hijacking"
                }
              ]
            },
            {
              "capecId": "CAPEC-640",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-640 Inclusion of Code in Existing Process"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:N/R:U",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427 Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-04T16:14:32.045Z",
            "orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
            "shortName": "Docker"
          },
          "references": [
            {
              "url": "https://docs.docker.com/desktop/release-notes/"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-28304/"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/docker/cli/pull/6713"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Docker Desktop Docker Plugins Uncontrolled Search Path Element Local Privilege Escalation Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
        "assignerShortName": "Docker",
        "cveId": "CVE-2025-15558",
        "datePublished": "2026-03-04T16:14:32.045Z",
        "dateReserved": "2026-02-03T19:51:18.184Z",
        "dateUpdated": "2026-06-30T12:07:21.534Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-62725 (GCVE-0-2025-62725)

    Vulnerability from nvd – Published: 2025-10-27 20:37 – Updated: 2025-10-28 14:47
    VLAI
    Title
    Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations
    Summary
    Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cache directory and writes the file there. This affects any platform or workflow that resolves remote OCI compose artifacts, Docker Desktop, standalone Compose binaries on Linux, CI/CD runners, cloud dev environments is affected. An attacker can escape the cache directory and overwrite arbitrary files on the machine running docker compose, even if the user only runs read‑only commands such as docker compose config or docker compose ps. This issue is fixed in v2.40.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    Impacted products
    Vendor Product Version
    docker compose Affected: < 2.40.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-62725",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-28T14:47:30.993646Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-28T14:47:42.196Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "compose",
              "vendor": "docker",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.40.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker\u2011supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cache directory and writes the file there. This affects any platform or workflow that resolves remote OCI compose artifacts, Docker Desktop, standalone Compose binaries on Linux, CI/CD runners, cloud dev environments is affected. An attacker can escape the cache directory and overwrite arbitrary files on the machine running docker compose, even if the user only runs read\u2011only commands such as docker compose config or docker compose ps. This issue is fixed in v2.40.2."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.9,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "ACTIVE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-27T20:37:32.340Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/docker/compose/security/advisories/GHSA-gv8h-7v7w-r22q",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/docker/compose/security/advisories/GHSA-gv8h-7v7w-r22q"
            },
            {
              "name": "https://github.com/docker/compose/commit/69bcb962bfb2ea53b41aa925333d356b577d6176",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/docker/compose/commit/69bcb962bfb2ea53b41aa925333d356b577d6176"
            }
          ],
          "source": {
            "advisory": "GHSA-gv8h-7v7w-r22q",
            "discovery": "UNKNOWN"
          },
          "title": "Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-62725",
        "datePublished": "2025-10-27T20:37:32.340Z",
        "dateReserved": "2025-10-20T19:41:22.742Z",
        "dateUpdated": "2025-10-28T14:47:42.196Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-15558 (GCVE-0-2025-15558)

    Vulnerability from cvelistv5 – Published: 2026-03-04 16:14 – Updated: 2026-06-30 12:07
    VLAI
    Title
    Docker Desktop Docker Plugins Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
    Summary
    Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries (docker-compose.exe, docker-buildx.exe, etc.) that are executed when a victim user opens Docker Desktop or invokes Docker CLI plugin features, and allow privilege-escalation if the docker CLI is executed as a privileged user. This issue affects Docker CLI: through 29.1.5 and Windows binaries acting as a CLI-plugin manager using the github.com/docker/cli/cli-plugins/manager https://pkg.go.dev/github.com/docker/cli@v29.1.5+incompatible/cli-plugins/manager  package, such as Docker Compose. This issue does not impact non-Windows binaries, and projects not using the plugin-manager code.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-427 - Uncontrolled Search Path Element
    Assigner
    Impacted products
    Vendor Product Version
    Docker Docker CLI Unaffected: 29.2.0 (semver)
    Create a notification for this product.
    Docker Compose Unaffected: 5.1.0 (semver)
    Create a notification for this product.
    Red Hat Assisted Installer for Red Hat OpenShift Container Platform 2     cpe:/a:redhat:assisted_installer:2
    Create a notification for this product.
    Red Hat Builds for Red Hat OpenShift     cpe:/a:redhat:openshift_builds:1
    Create a notification for this product.
    Red Hat Gatekeeper 3     cpe:/a:redhat:gatekeeper:3
    Create a notification for this product.
    Red Hat Kernel Module Management Operator for Red Hat Openshift     cpe:/a:redhat:kernel_module_management:2
    Create a notification for this product.
    Red Hat Machine Deletion Remediation Operator     cpe:/a:redhat:workload_availability_mdr:0
    Create a notification for this product.
    Red Hat Multicluster Engine for Kubernetes     cpe:/a:redhat:multicluster_engine
    Create a notification for this product.
    Red Hat Multicluster Global Hub     cpe:/a:redhat:multicluster_globalhub
    Create a notification for this product.
    Red Hat OpenShift Pipelines     cpe:/a:redhat:openshift_pipelines:1
    Create a notification for this product.
    Red Hat OpenShift Serverless     cpe:/a:redhat:serverless:1
    Create a notification for this product.
    Red Hat OpenShift Service Mesh 2     cpe:/a:redhat:service_mesh:2
    Create a notification for this product.
    Red Hat OpenShift Service Mesh 3     cpe:/a:redhat:service_mesh:3
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Management for Kubernetes 2     cpe:/a:redhat:acm:2
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Security 4     cpe:/a:redhat:advanced_cluster_security:4
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI (RHOAI)     cpe:/a:redhat:openshift_ai
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
    Create a notification for this product.
    Red Hat Red Hat OpenShift Dev Spaces     cpe:/a:redhat:openshift_devspaces:3
    Create a notification for this product.
    Red Hat Red Hat OpenShift for Windows Containers     cpe:/a:redhat:windows_machine_config
    Create a notification for this product.
    Red Hat Red Hat OpenShift GitOps     cpe:/a:redhat:openshift_gitops:1
    Create a notification for this product.
    Red Hat Red Hat OpenShift Virtualization 4     cpe:/a:redhat:container_native_virtualization:4
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 16.2     cpe:/a:redhat:openstack:16.2
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 17.1     cpe:/a:redhat:openstack:17.1
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 18.0     cpe:/a:redhat:openstack:18.0
    Create a notification for this product.
    Red Hat Red Hat Quay 3     cpe:/a:redhat:quay:3
    Create a notification for this product.
    Red Hat Red Hat Trusted Artifact Signer     cpe:/a:redhat:trusted_artifact_signer:1
    Create a notification for this product.
    Red Hat Security Profiles Operator     cpe:/a:redhat:openshift_security_profiles_operator:1
    Create a notification for this product.
    Red Hat Zero Trust Workload Identity Manager     cpe:/a:redhat:zero_trust_workload_identity_manager:1
    Create a notification for this product.
    Red Hat Zero Trust Workload Identity Manager - Tech Preview     cpe:/a:redhat:zero_trust_workload_identity_manager:0
    Create a notification for this product.
    Credits
    Nitesh Surana (niteshsurana.com) of Trend Research of TrendAI
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-15558",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-04T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-05T04:55:47.099Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:assisted_installer:2"
                ],
                "defaultStatus": "unaffected",
                "product": "Assisted Installer for Red Hat OpenShift Container Platform 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_builds:1"
                ],
                "defaultStatus": "unaffected",
                "product": "Builds for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:gatekeeper:3"
                ],
                "defaultStatus": "unaffected",
                "product": "Gatekeeper 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:kernel_module_management:2"
                ],
                "defaultStatus": "unaffected",
                "product": "Kernel Module Management Operator for Red Hat Openshift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:workload_availability_mdr:0"
                ],
                "defaultStatus": "unaffected",
                "product": "Machine Deletion Remediation Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_engine"
                ],
                "defaultStatus": "unaffected",
                "product": "Multicluster Engine for Kubernetes",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_globalhub"
                ],
                "defaultStatus": "unaffected",
                "product": "Multicluster Global Hub",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_pipelines:1"
                ],
                "defaultStatus": "unaffected",
                "product": "OpenShift Pipelines",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:serverless:1"
                ],
                "defaultStatus": "unaffected",
                "product": "OpenShift Serverless",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_mesh:2"
                ],
                "defaultStatus": "unaffected",
                "product": "OpenShift Service Mesh 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_mesh:3"
                ],
                "defaultStatus": "unaffected",
                "product": "OpenShift Service Mesh 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:acm:2"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Advanced Cluster Management for Kubernetes 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Advanced Cluster Security 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenShift Container Platform 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_devspaces:3"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenShift Dev Spaces",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:windows_machine_config"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenShift for Windows Containers",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenShift GitOps",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:container_native_virtualization:4"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenShift Virtualization 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openstack:16.2"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenStack Platform 16.2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openstack:17.1"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenStack Platform 17.1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openstack:18.0"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenStack Platform 18.0",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Quay 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:trusted_artifact_signer:1"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Trusted Artifact Signer",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_security_profiles_operator:1"
                ],
                "defaultStatus": "unaffected",
                "product": "Security Profiles Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:zero_trust_workload_identity_manager:1"
                ],
                "defaultStatus": "unaffected",
                "product": "Zero Trust Workload Identity Manager",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:zero_trust_workload_identity_manager:0"
                ],
                "defaultStatus": "unaffected",
                "product": "Zero Trust Workload Identity Manager - Tech Preview",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-03-04T16:14:32.045Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in Docker CLI for Windows. A low-privileged attacker can exploit this vulnerability by creating a specific directory, C:\\ProgramData\\Docker\\cli-plugins, which does not exist by default. By placing malicious plugin binaries in this directory, an attacker can achieve privilege escalation when a victim user opens Docker Desktop or uses Docker CLI plugin features, provided the Docker CLI is executed with elevated privileges."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.3,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-427",
                    "description": "Uncontrolled Search Path Element",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:07:21.534Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2025-15558"
              },
              {
                "name": "RHBZ#2444574",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2444574"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-15558.json"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-03-04T17:01:09.062Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-03-04T16:14:32.045Z",
                "value": "Made public."
              }
            ],
            "title": "docker/cli: Docker CLI for Windows: Privilege escalation via malicious plugin binaries",
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "platforms": [
                "Windows"
              ],
              "product": "Docker CLI",
              "vendor": "Docker",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "29.2.0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Compose",
              "vendor": "Docker",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "5.1.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Nitesh Surana (niteshsurana.com) of Trend Research of TrendAI"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDocker CLI for Windows searches for plugin binaries in \u003ccode\u003eC:\\ProgramData\\Docker\\cli-plugins\u003c/code\u003e, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries (docker-compose.exe, docker-buildx.exe, etc.) that are executed when a victim user opens Docker Desktop or invokes Docker CLI plugin features, and allow privilege-escalation if the \u003ccode\u003edocker\u003c/code\u003e\u0026nbsp;CLI is executed as a privileged user.\u003c/p\u003e\u003cp\u003eThis issue affects Docker CLI: through 29.1.5 and Windows binaries acting as a CLI-plugin manager using the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://pkg.go.dev/github.com/docker/cli@v29.1.5+incompatible/cli-plugins/manager\"\u003e\u003ccode\u003egithub.com/docker/cli/cli-plugins/manager\u003c/code\u003e\u003c/a\u003e\u0026nbsp;package, such as Docker Compose.\u003c/p\u003e\u003cp\u003eThis issue does not impact non-Windows binaries, and projects not using the plugin-manager code.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "Docker CLI for Windows searches for plugin binaries in C:\\ProgramData\\Docker\\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries (docker-compose.exe, docker-buildx.exe, etc.) that are executed when a victim user opens Docker Desktop or invokes Docker CLI plugin features, and allow privilege-escalation if the docker\u00a0CLI is executed as a privileged user.\n\nThis issue affects Docker CLI: through 29.1.5 and Windows binaries acting as a CLI-plugin manager using the  github.com/docker/cli/cli-plugins/manager https://pkg.go.dev/github.com/docker/cli@v29.1.5+incompatible/cli-plugins/manager \u00a0package, such as Docker Compose.\n\nThis issue does not impact non-Windows binaries, and projects not using the plugin-manager code."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-38",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-38 Leveraging/Manipulating Configuration File Search Paths"
                }
              ]
            },
            {
              "capecId": "CAPEC-471",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-471 Search Order Hijacking"
                }
              ]
            },
            {
              "capecId": "CAPEC-640",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-640 Inclusion of Code in Existing Process"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NO",
                "Recovery": "USER",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/AU:N/R:U",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-427",
                  "description": "CWE-427 Uncontrolled Search Path Element",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-04T16:14:32.045Z",
            "orgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
            "shortName": "Docker"
          },
          "references": [
            {
              "url": "https://docs.docker.com/desktop/release-notes/"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-CAN-28304/"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/docker/cli/pull/6713"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Docker Desktop Docker Plugins Uncontrolled Search Path Element Local Privilege Escalation Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "686469e6-3ff6-451b-ab8b-cf5b9e89401e",
        "assignerShortName": "Docker",
        "cveId": "CVE-2025-15558",
        "datePublished": "2026-03-04T16:14:32.045Z",
        "dateReserved": "2026-02-03T19:51:18.184Z",
        "dateUpdated": "2026-06-30T12:07:21.534Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-62725 (GCVE-0-2025-62725)

    Vulnerability from cvelistv5 – Published: 2025-10-27 20:37 – Updated: 2025-10-28 14:47
    VLAI
    Title
    Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations
    Summary
    Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cache directory and writes the file there. This affects any platform or workflow that resolves remote OCI compose artifacts, Docker Desktop, standalone Compose binaries on Linux, CI/CD runners, cloud dev environments is affected. An attacker can escape the cache directory and overwrite arbitrary files on the machine running docker compose, even if the user only runs read‑only commands such as docker compose config or docker compose ps. This issue is fixed in v2.40.2.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    References
    Impacted products
    Vendor Product Version
    docker compose Affected: < 2.40.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-62725",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-28T14:47:30.993646Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-28T14:47:42.196Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "compose",
              "vendor": "docker",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.40.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker\u2011supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cache directory and writes the file there. This affects any platform or workflow that resolves remote OCI compose artifacts, Docker Desktop, standalone Compose binaries on Linux, CI/CD runners, cloud dev environments is affected. An attacker can escape the cache directory and overwrite arbitrary files on the machine running docker compose, even if the user only runs read\u2011only commands such as docker compose config or docker compose ps. This issue is fixed in v2.40.2."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.9,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "ACTIVE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-27T20:37:32.340Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/docker/compose/security/advisories/GHSA-gv8h-7v7w-r22q",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/docker/compose/security/advisories/GHSA-gv8h-7v7w-r22q"
            },
            {
              "name": "https://github.com/docker/compose/commit/69bcb962bfb2ea53b41aa925333d356b577d6176",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/docker/compose/commit/69bcb962bfb2ea53b41aa925333d356b577d6176"
            }
          ],
          "source": {
            "advisory": "GHSA-gv8h-7v7w-r22q",
            "discovery": "UNKNOWN"
          },
          "title": "Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-62725",
        "datePublished": "2025-10-27T20:37:32.340Z",
        "dateReserved": "2025-10-20T19:41:22.742Z",
        "dateUpdated": "2025-10-28T14:47:42.196Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }