Docker has fixed two serious vulnerabilities in its software. A bug in Docker Compose allowed writing files outside the secure environment, while the Windows Desktop Installer was vulnerable to DLL hijacking.
This is reported by The Register and Heise. Both bugs were given a high risk score and have since been fixed in recent updates. The bug in Docker Compose was found in October by security researcher Ron Masas of Imperva. Compose is a tool that converts YAML configurations into running container environments and is an important part of countless development and CI/CD processes.
Masas discovered that the recent support for OCI-based Compose artifacts did not perform sufficient checks on file locations. When processing these artifacts, Compose relied entirely on the instructions in the so-called layer annotations, which specify where files should be placed.
By manipulating these annotations, an attacker could cause Compose to store files outside its own cache directory, in locations where the process had write permissions. This created the possibility of overwriting or adding files on the host system.
Quick response from Docker
The vulnerability was designated CVE-2025-62725 and given a CVSS score of 8.9. Masas praises the Docker team’s quick response, which resolved the issue in Docker Compose version 2.40.2. According to him, this incident underscores the importance of developers always applying path validation, even in simple configurations.
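To illustrate the path validation Masas recommends, here is an added example (written for this article, not Docker's own fix): a Go check that resolves a layer-annotation-supplied file location against the Compose cache directory and refuses anything that would land outside it. The function name, the cache directory and the sample annotation values are assumptions constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrEscapesCache is returned when an annotation-supplied path would resolve
// outside the cache directory (the class of bug described above).
var ErrEscapesCache = errors.New("layer annotation path escapes cache directory")

// SafeCachePath resolves annotationPath (hypothetical name for the location a
// layer annotation supplies) against cacheDir and returns the absolute target,
// or ErrEscapesCache if the cleaned result is not strictly inside cacheDir.
func SafeCachePath(cacheDir, annotationPath string) (string, error) {
	if annotationPath == "" {
		return "", errors.New("empty annotation path")
	}
	// Treat backslashes as separators so "..\" cannot smuggle past the check.
	p := strings.ReplaceAll(annotationPath, "\\", "/")
	// A cache-relative location must never be absolute.
	if filepath.IsAbs(p) || strings.HasPrefix(p, "/") {
		return "", ErrEscapesCache
	}
	base, err := filepath.Abs(cacheDir)
	if err != nil {
		return "", err
	}
	full := filepath.Join(base, filepath.FromSlash(p)) // Join also cleans ".." components
	rel, err := filepath.Rel(base, full)
	if err != nil {
		return "", err
	}
	// After cleaning, a leading ".." means the target left the cache; "." means
	// the annotation named the cache directory itself rather than a file in it.
	if rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrEscapesCache
	}
	return full, nil
}

func main() {
	// Constructed sample annotation values: one legitimate, two attempting to escape.
	for _, p := range []string{"blobs/sha256/abc", "../../etc/cron.d/job", "/etc/passwd"} {
		dst, err := SafeCachePath("/var/cache/compose", p)
		fmt.Printf("%-24q -> %q err=%v\n", p, dst, err)
	}
}
```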
In addition to the Compose vulnerability, a bug was also discovered in Docker Desktop’s Windows installer. The installer was found to load DLL files from the user’s Downloads folder before checking the system folders.
This allowed an attacker to place a malicious DLL file with the same name in that folder and execute code with elevated privileges. This vulnerability, registered as CVE-2025-9164 and EUVD-2025-36191, received a CVSS score of 8.8. Docker has fixed the bug in version 4.49.0 of Docker Desktop.
The new release explicitly mentions the security issue in its release notes. At the same time, the update includes several improvements, including an updated Docker Engine (version 28.5.1), Docker Compose 2.40.2, and a new Nvidia Container Toolkit 1.17.9. The experimental cagent feature has also been added, allowing users to create and manage AI agents. The Docker Debug tool is now available free of charge to all users.
The update fixes several bugs. Docker Desktop no longer uses expired proxy passwords when waiting for new input, and an error message when starting Docker Debug has been removed.
macOS issue also resolved
On macOS, a bug has been fixed that caused Kubernetes to crash when other contexts were active. In addition, Docker Desktop automatically disables Rosetta if the installation is interrupted or fails.
The system requirements have been tightened. On macOS, version 14 (Sonoma) or higher is required, while on Windows, support for versions 10 21H2 and 11 22H2 has been discontinued. Starting with the next release, Windows 10 22H2 or Windows 11 23H2 will be the minimum versions supported.
In August, Docker had already patched a critical vulnerability in Desktop that allowed access to the host system. With the new updates, the company emphasizes that users should keep their environment up to date to mitigate security risks.