【Vulnerability Alert】A critical security vulnerability (CVE-2025-62725) has been identified in Docker Compose. Please verify and apply the necessary patches as soon as possible.

publish date : 2025-11-07 update date : 2025-11-07

Source: Ministry of education information & communication security contingency platform

"" "" ""


Publication Number	TACERT-ANA-2025110405112828	Publication Time	2025/11/05 08:41
Incident Type	ANA-Vulnerability Alert	Discovery Time	2025/11/05 08:41
Impact Level	Low
[Subject] 【Vulnerability Alert】A critical security vulnerability (CVE-2025-62725) has been identified in Docker Compose. Please verify and apply the necessary patches as soon as possible.
[Content] Forwarded from TWCERTCC-ANA-2025110405112828 Docker Compose is a tool used for defining and managing applications composed of multiple containers. It simplifies the deployment process and enhances development efficiency. Docker has released a major security vulnerability update announcement (CVE-2025-62725, CVSS 4.x: 8.9) and issued a patched version. This vulnerability is a path traversal issue that allows attackers to bypass Compose’s cache directory and overwrite arbitrary files on the host system. Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform] Versions of Docker Compose prior to v2.40.2 (exclusive)
[Recommended Actions] Update to Docker Compose version v2.40.2 or later
[Reference]

(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw

Organizer: Computer Center

Click Num:

Share