Docker Product Security Update Advisory (CVE-2025-62725)

Overview

 

We have released security updates to fix vulnerabilities in our Docker products. Users of affected products are advised to update to the latest version.
 

 

Affected Products

 

CVE-2025-62725

 

Docker Compose versions: 2.less than 40.2

 

 

Resolved Vulnerabilities

 

Path traversal vulnerability in Docker Compose due to lack of validation of remote OCI Compose artifact setting values (CVE-2025-62725)

 

 

Vulnerability Patches

Vulnerability patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

 

CVE-2025-62725

 

Docker Compose versions: 2.40.2 and later

 

 

References

 

[1] Docker Compose release notes
https://docs.docker.com/compose/releases/release-notes/