Posted: 2025/11/05

[Vulnerability Alert] Critical Security Flaw in Docker Compose (CVE-2025-62725)

Description:

  • Forwarded from Taiwan Computer Emergency Response Team Coordination Center (TWCERT/CC) – Security Advisory TACERT-ANA-2025110405112828
  • Docker Compose is a tool used to define and manage multi-container applications, streamlining deployment and enhancing development efficiency. Docker has issued a security update addressing a critical vulnerability (CVE-2025-62725, CVSS v4.x: 8.9), classified as a path traversal flaw. This vulnerability allows attackers to bypass Compose’s cache directory restrictions and overwrite arbitrary files on the host system.

Affected Versions:

  • Docker Compose versions earlier than v2.40.2 (v2.40.2 itself is not affected)

Recommended Actions:

  • Please upgrade to Docker Compose version v2.40.2 or later to mitigate this vulnerability.
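
One way to check a host against the affected-version range above. This is an added example, not part of the TWCERT/CC advisory or Docker's own tooling; the function names and the sample version strings are constructed, and build suffixes such as "-desktop.1" are assumed to be ignorable for the comparison.

```sh
#!/bin/sh
# Added example: classify Docker Compose versions against the fixed
# release named in the advisory (v2.40.2). Function names are hypothetical.
FIXED_VERSION="2.40.2"

# Strip a leading "v" and any "-suffix" / "+build" part: "v2.39.4-desktop.1" -> "2.39.4".
normalize_version() {
    v=${1#v}
    v=${v%%[-+]*}
    printf '%s\n' "$v"
}

# Exit status 0 when $1 is strictly lower than $2 (numeric major.minor.patch compare).
version_lt() {
    awk -v a="$(normalize_version "$1")" -v b="$(normalize_version "$2")" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1   # equal versions are not "lower"
    }'
}

# Print "vulnerable", "patched" or "unknown" for one version string.
classify_version() {
    v=$(normalize_version "$1")
    case $v in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;
    esac
    if version_lt "$v" "$FIXED_VERSION"; then echo vulnerable; else echo patched; fi
}

# Version of the Compose plugin on this host; empty output if Docker or the plugin is absent.
installed_compose_version() {
    docker compose version --short 2>/dev/null
}

# Constructed sample inputs, so the script shows a result without Docker installed.
for sample in v2.40.1 2.39.4-desktop.1 v2.40.2 2.41.0 garbage; do
    printf '%-20s %s\n' "$sample" "$(classify_version "$sample")"
done

installed=$(installed_compose_version) || installed=""
if [ -n "$installed" ]; then
    printf 'installed %-10s %s\n' "$installed" "$(classify_version "$installed")"
fi
```

The comparison is numeric per component, so 2.9.9 is correctly reported as older than 2.40.2; a result of "unknown" means the version string could not be parsed and should be checked by hand.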

Sincerely,
Computer and Communication Center
Network Systems Division