Saved February 14, 2026
Do you care about this?
A high-severity path traversal vulnerability was found in Docker Compose's support for OCI artifacts, allowing an attacker to write arbitrary files on the host system. The flaw could be triggered by running commands as routine as "docker compose ps" against a malicious Compose artifact, potentially leading to unauthorized access to the host. Users are urged to upgrade to Docker Compose v2.40.2 or later to mitigate the issue.
If you do, here's more
Docker Compose, a popular tool for managing multi-container Docker applications, recently faced a serious vulnerability identified as CVE-2025-62725. This path traversal flaw, discovered in October 2025, allowed an attacker to escape the Compose cache directory and write arbitrary files on the host system. By tricking a user into referencing a malicious remote artifact, an attacker could write into sensitive areas of the file system. The issue was rated high severity with a CVSS score of 8.9 and has since been patched in Docker Compose v2.40.2.
The vulnerability arises from how Docker Compose processes OCI layers. When fetching files from an artifact, it trusted the layer annotations that specified where each file should be written, without validating the resulting path. That oversight meant an attacker could craft annotations containing path components that resolved outside the cache directory, enabling writes to arbitrary host locations. Notably, even a read-only command like "docker compose ps" was enough to trigger the write, making this more dangerous than typical vulnerabilities that only activate when containers are started.
To demonstrate the flaw, the author created a malicious OCI registry that serves a harmful Compose artifact. By convincing a user to run certain Docker Compose commands against it, the attacker could inject an SSH public key into the victim's authorized_keys file, gaining remote access without the user ever issuing a write command. The Docker team responded quickly with a fix that validates path annotations and rejects any that would resolve outside the allowed cache directory.
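The unchecked annotation-driven write and the containment check the fix is described as adding, side by side, as an added Go example that is not Compose's own code; the annotation key `com.docker.compose.file`, the cache directory `/tmp/compose-cache` and the sample layer paths are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// Annotation key assumed for this example; the page does not name the real key.
const fileAnnotation = "com.docker.compose.file"

// Constructed sample: one annotation map per OCI layer; two benign, two escaping.
var sampleLayers = []map[string]string{
	{fileAnnotation: "compose.yaml"},
	{fileAnnotation: "includes/db.yaml"},
	{fileAnnotation: "../../home/victim/.ssh/authorized_keys"},
	{fileAnnotation: "/etc/cron.d/job"},
}

// vulnerableTarget models the pre-fix behaviour: the annotation alone decides the write location.
func vulnerableTarget(cacheDir, annotated string) string {
	return filepath.Join(cacheDir, annotated)
}

// hardenedTarget is a lexical containment check: it refuses absolute paths, the cache root
// itself and anything that cleans to a location outside the root (symlinks are not resolved).
func hardenedTarget(cacheDir, annotated string) (string, error) {
	if annotated == "" || filepath.IsAbs(annotated) {
		return "", fmt.Errorf("rejected absolute or empty annotation %q", annotated)
	}
	root := filepath.Clean(cacheDir)
	target := filepath.Join(root, annotated) // Join cleans, so ".." segments collapse
	rel, err := filepath.Rel(root, target)
	if err != nil || rel == "." || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("annotation %q escapes cache dir %q", annotated, root)
	}
	return target, nil
}

// planWrites returns the accepted targets and the rejected annotation values.
func planWrites(cacheDir string, layers []map[string]string) (accepted, rejected []string) {
	for _, ann := range layers {
		if target, err := hardenedTarget(cacheDir, ann[fileAnnotation]); err == nil {
			accepted = append(accepted, target)
		} else {
			rejected = append(rejected, ann[fileAnnotation])
		}
	}
	return accepted, rejected
}
```

The check uses `filepath.Rel` rather than a string prefix test so that a sibling directory such as `/tmp/compose-cache2` is not mistaken for a location inside `/tmp/compose-cache`.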