CVE-2025-23266
Severity
9.0CRITICAL
EPSS
0.1%
top 79.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJul 17
Latest updateOct 23
Description
NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial of service.
CVSS vector
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.3 | Impact: 6.0
Affected Packages5 packages
▶CVEListV5nvidia/container_toolkitNVIDIA Container Toolkit All versions up to and including 1.17.7 (CDI mode only for versions prior to 1.17.5), NVIDIA GPU Operator All versions up to and including 25.3.0 (CDI mode only for versions prior to 25.3.0)+1
🔴Vulnerability Details
4OSV▶
NVIDIA Container Toolkit for all platforms contains an Untrusted Search Path in github.com/NVIDIA/gpu-operator↗2025-10-23
CVEList▶
CVE-2025-23266: NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute ar↗2025-07-17
📋Vendor Advisories
2Red Hat▶
nvidia-container-toolkit: Privilege Escalation via Hook Initialization in NVIDIA Container Toolkit↗2025-07-17
Microsoft▶
NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code with elevated permissions. A successf↗2025-07-08