CVE-2025-23266
published 2025-07-17CVE-2025-23266: NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary…
critical9CVSS 3.1
AVAACLPRLUINSCCHIHAH
NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial of service.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | nvidia_gpu-operator | >= 0 < 25.3.2 | 25.3.2 |
| github.com | nvidia_k8s-device-plugin | >= 0 < 0.17.3 | 0.17.3 |
| github.com | nvidia_mig-parted | >= 0 < 0.12.2 | 0.12.2 |
| github.com | nvidia_nvidia-container-toolkit | >= 0 < 1.17.8 | 1.17.8 |
| msrc | azl3_nvidia-container-toolkit_1.15.0-1_on_azure_linux_3.0 | — | — |
| msrc | cbl2_nvidia-container-toolkit_1.11.0-1_on_cbl_mariner_2.0 | — | — |
| nvidia | container_toolkit | — | — |
| nvidia | container_toolkit | — | — |