Advisory GHSA-p436-gjf2-799p references a vulnerability in the following Go modules:
Description:
This issue affects Docker CLI through 29.1.5
Impact
Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place malicious CLI plugin binaries (docker-compose.exe, docker-buildx.exe, etc.) that are executed when a victim user opens Docker Desktop or invokes Docker CLI plugin features, which allows privilege escalation if the Docker CLI is executed as a privileged user.
This issue affects Docker CLI through v29.1.5 (fixed in v29.2.0). It impacts Windows ...
References:
Cross references:
- github.com/docker/compose appears in 1 other report(s):
- github.com/docker/compose/v2 appears in 1 other report(s):
See doc/quickstart.md for instructions on how to triage this report.
id: GO-ID-PENDING
modules:
- module: github.com/docker/compose
non_go_versions:
- introduced: 19.03.0
- introduced: TODO (earliest fixed "", vuln range ">= 2.31.0, <= 2.40.3")
- fixed: 29.2.0
vulnerable_at: 1.25.2
- module: github.com/docker/compose/v2
vulnerable_at: 2.40.3
- module: github.com/docker/compose/v5
versions:
- fixed: 5.1.0
vulnerable_at: 5.0.2
summary: |-
Docker CLI Plugins: Uncontrolled Search Path Element Leads to Local Privilege
Escalation on Windows in github.com/docker/compose
cves:
- CVE-2025-15558
ghsas:
- GHSA-p436-gjf2-799p
references:
- advisory: https://github.com/advisories/GHSA-p436-gjf2-799p
- advisory: https://github.com/docker/cli/security/advisories/GHSA-p436-gjf2-799p
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2025-15558
- fix: https://github.com/docker/cli/commit/13759330b1f7e7cb0d67047ea42c5482548ba7fa
- fix: https://github.com/docker/cli/pull/6713
- fix: https://github.com/docker/compose/pull/12300
- web: https://docs.docker.com/desktop/release-notes
- web: https://www.zerodayinitiative.com/advisories/ZDI-CAN-28304
source:
id: GHSA-p436-gjf2-799p
created: 2026-03-05T01:01:32.512316435Z
review_status: UNREVIEWED