Ethical Hacking News
A high-severity vulnerability was recently disclosed in Docker Compose that allows a malicious OCI Compose artifact to write arbitrary files on the host system. Docker has fixed the issue in Docker Compose v2.40.2, and users are urged to upgrade as soon as possible. Separately, Docker has fixed a DLL injection vulnerability in the Docker Desktop installer for Windows.
Docker Compose was found to contain a high-severity path traversal vulnerability (CVE-2025-62725) that could allow an attacker to escape Compose's local cache directory and write arbitrary files on the host system. The flaw was introduced by Compose's support for OCI-based Compose artifacts, which wrote layer contents to paths taken from artifact annotations without sanitizing them. Docker fixed the issue in Docker Compose v2.40.2. Docker also fixed a DLL injection vulnerability (EUVD-2025-36191, rated 8.8) in the Docker Desktop installer for Windows (Docker Desktop Installer.exe), shipped in Docker Desktop 4.49.0, and warned that future releases will require at least Windows 10 22H2 or Windows 11 23H2. OWASP's first rule for Docker security, "Keep Host and Docker up to date", applies directly: patch promptly.
Docker Compose is a widely used tool for defining and running multi-container Docker applications. Its popularity can be attributed to its ease of use, flexibility, and the ability to streamline configuration sharing among developers and teams. However, recent discoveries have highlighted the importance of addressing security concerns in containerization, particularly with regard to Docker Compose.
In early October 2025, Imperva researcher Ron Masas uncovered a high-severity path traversal vulnerability (CVE-2025-62725) in Docker Compose that could allow an attacker to escape Compose's cache directory and write arbitrary files on the host system. The vulnerability was introduced by the tool's recently added support for OCI-based Compose artifacts.
The root cause is that Docker Compose trusted the layer annotations inside an OCI Compose artifact, which tell it where to write each file. Compose joined its local cache directory with the annotation value literally, with no check on the result, so an annotation containing `../` sequences could traverse out of the cache directory and make Compose write the layer contents anywhere the Compose process had permission to write.
Imperva's findings illustrate how automatic file reconstruction from unverified sources can obscure important security boundaries. While Docker Compose's OCI artifact feature aims to streamline configuration sharing, it also introduces risks if not properly sanitized.
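As an added illustration (this is not Compose's own code, nor code from the article or Imperva's write-up), the Go program below contrasts the literal join described above with a join that refuses to resolve outside the cache directory, and applies it to a constructed two-layer artifact. The annotation key `com.docker.compose.file`, the cache path and the layer digests are assumed or constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// fileAnnotation is the annotation key assumed here to carry the destination
// file name for a layer of an OCI Compose artifact (illustrative; the key name
// is not taken from the article).
const fileAnnotation = "com.docker.compose.file"

// layer is a minimal stand-in for an OCI manifest layer descriptor.
type layer struct {
	Digest      string
	Annotations map[string]string
}

// vulnerableTarget reproduces the flawed pattern: the untrusted annotation is
// joined onto the cache directory with no check that the result stays inside it.
func vulnerableTarget(cacheDir, annotation string) string {
	return filepath.Join(cacheDir, annotation)
}

// safeTarget is the hardened form: it rejects empty and absolute values and any
// value whose cleaned path resolves outside cacheDir.
func safeTarget(cacheDir, annotation string) (string, error) {
	if annotation == "" || filepath.IsAbs(annotation) {
		return "", errors.New("annotation must be a non-empty relative path")
	}
	root := filepath.Clean(cacheDir)
	target := filepath.Join(root, annotation) // Join cleans, so ".." segments collapse here
	rel, err := filepath.Rel(root, target)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("annotation %q escapes cache directory %s", annotation, root)
	}
	return target, nil
}

// resolveLayers maps each layer to its destination path with safeTarget and
// fails closed on the first bad annotation, so nothing is written if any
// layer of the artifact is malicious.
func resolveLayers(cacheDir string, layers []layer) ([]string, error) {
	var targets []string
	for _, l := range layers {
		name, ok := l.Annotations[fileAnnotation]
		if !ok {
			return nil, fmt.Errorf("layer %s has no %s annotation", l.Digest, fileAnnotation)
		}
		t, err := safeTarget(cacheDir, name)
		if err != nil {
			return nil, err
		}
		targets = append(targets, t)
	}
	return targets, nil
}

func main() {
	// Constructed cache directory and artifact: one honest layer and one layer
	// whose annotation climbs out of the cache directory.
	cache := "/home/dev/.cache/docker-compose/sha256-deadbeef"
	layers := []layer{
		{Digest: "sha256:1111", Annotations: map[string]string{fileAnnotation: "compose.yaml"}},
		{Digest: "sha256:2222", Annotations: map[string]string{fileAnnotation: "../../../../../etc/cron.d/evil"}},
	}
	for _, l := range layers {
		a := l.Annotations[fileAnnotation]
		fmt.Printf("vulnerable: %-35q -> %s\n", a, vulnerableTarget(cache, a))
	}
	if _, err := resolveLayers(cache, layers); err != nil {
		fmt.Println("hardened:", err)
	}
}
```

Checking `filepath.Rel` after `filepath.Join` (which cleans the path) catches `..` segments that appear after a legitimate prefix such as `sub/../../x`, and rejecting absolute values avoids silently re-rooting them under the cache directory. Symbolic links already present inside the cache directory are a separate concern that this lexical check does not cover.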
In response, Docker fixed the issue in Docker Compose v2.40.2, which no longer lets an annotation path resolve outside the cache directory. Users of Docker Compose should upgrade to v2.40.2 or later as soon as possible; any `docker compose` invocation that pulls an OCI Compose artifact from a registry on an older version is exposed.
In related news, Docker has also fixed a DLL injection vulnerability in the Docker Desktop installer for Windows (Docker Desktop Installer.exe), tracked as EUVD-2025-36191 with an 8.8 severity rating. The flaw allowed an attacker who could place a malicious DLL in a location the installer searches to have it loaded by the installer and gain higher-level access to the system. The fix shipped in Docker Desktop version 4.49.0, released last week, and the release notes warn that from the next release onward Docker Desktop will require at least Windows 10 22H2 or Windows 11 23H2.
These two vulnerabilities, in Docker Compose and in the Docker Desktop installer for Windows, highlight the importance of keeping Docker and its components up to date. OWASP's first rule for Docker security is "Keep Host and Docker up to date." The advice is a reminder that patching is an ongoing process, and that a tool's newer features, such as Compose's OCI artifact support, can bring new attack surface that only a current version protects against.
In conclusion, the recent vulnerabilities discovered within Docker Compose and its Windows Installer underscore the need for organizations to prioritize security in their containerized applications. By staying informed about the latest developments and patching vulnerabilities promptly, developers can minimize the risk of exploitation by attackers.
Related Information:
https://www.ethicalhackingnews.com/articles/Docker-Compose-Vulnerability-Exposed-A-Growing-Concern-for-Containerized-Applications-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/10/30/docker_compose_desktop_flaws/
https://nvd.nist.gov/vuln/detail/CVE-2025-62725
https://www.cvedetails.com/cve/CVE-2025-62725/
https://www.imperva.com/blog/imperva-defends-against-exploits-used-by-apt29-hackers/
https://www.socinvestigation.com/comprehensive-list-of-apt-threat-groups-motives-and-attack-methods/
Published: Thu Oct 30 12:05:20 2025 by llama3.2 3B Q4_K_M