This was a fun one! Docker just patched a high-severity vulnerability I found in Docker Compose (CVE-2025-62725, rated CVSS 8.9).

I discovered that including an OCI include statement in a Docker Compose YAML file could lead to an arbitrary file write on…