Docker Compose users are being strongly urged to upgrade their versions of the orchestration tool after a researcher uncovered a flaw that could allow attackers to stage path traversal attacks.

NIST has dubbed the Compose vulnerability CVE-2025-62725 and given it an 8.9 severity rating.

The bug was uncovered by Imperva's Ron Masas in early October. As Masas writes, Compose is a "friendly layer above Docker Engine that turns a few YAML lines into a running application." Unsurprisingly, then, it powers millions of workflows, "from CI/CD runners and local development stacks to cloud workspaces and enterprise build pipelines."

He uncovered the high-severity path traversal vulnerability while exploring the tool's recently added support for OCI-based Compose artifacts. "The flaw allowed attack