TheRegister's platform is a leading technology news website, offering insights into IT industry news, hardware reviews, and software updates. Through articles, analysis, and opinion pieces, TheRegister offers insights into cybersecurity threats, technology trends, and industry developments. Readers can stay updated with the latest news and analysis from the world of technology and IT business.

The Register

Docker Compose users need to upgrade to v2.40.2 immediately to patch CVE-2025-62725, a high-severity path traversal vulnerability (8.9 rating) that allows attackers to write arbitrary files on the host system through malicious OCI artifacts. The flaw exploited Compose's trust in layer annotations without path validation. Additionally, Docker fixed an 8.8-rated DLL hijacking vulnerability in Windows Desktop Installer (EUVD-2025-36191) in version 4.49.0, which allowed privilege escalation through malicious DLL placement in the Downloads folder.

Docker Compose vulnerability opens door to host-level writes