CVE-2025-23267

CWE-596 documents5 sources

Severity

8.5HIGH

EPSS

0.1%

top 68.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Github.com NVIDIA/gpu-operator Github.com NVIDIA/k8s-device-plugin Github.com NVIDIA/mig-parted +2 more

Timeline

PublishedJul 17

Latest updateOct 23

Description

NVIDIA Container Toolkit for all platforms contains a vulnerability in the update-ldcache hook, where an attacker could cause a link following by using a specially crafted container image. A successful exploit of this vulnerability might lead to data tampering and denial of service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:HExploitability: 3.1 | Impact: 4.7

Affected Packages5 packages

▶Gogithub.com/NVIDIA/nvidia-container-toolkit< 1.17.8

▶CVEListV5nvidia/container_toolkitNVIDIA Container Toolkit All versions up to and including 1.17.7 (CDI mode only for versions prior to 1.17.5), NVIDIA GPU Operator All versions up to and including 25.3.0 (CDI mode only for versions prior to 25.3.0)+1

▶Gogithub.com/NVIDIA/mig-parted< 0.12.2

▶Gogithub.com/NVIDIA/gpu-operator< 25.3.2

▶Gogithub.com/NVIDIA/k8s-device-plugin< 0.17.3

🔴Vulnerability Details

OSV

NVIDIA Container Toolkit for all platforms contains a vulnerability in the update-ldcache hook in github.com/NVIDIA/gpu-operator↗2025-10-23

▶

OSV

NVIDIA Container Toolkit for all platforms contains a vulnerability in the update-ldcache hook↗2025-07-17

▶

CVEList

CVE-2025-23267: NVIDIA Container Toolkit for all platforms contains a vulnerability in the update-ldcache hook, where an attacker could cause a link following by usin↗2025-07-17

▶

GHSA

NVIDIA Container Toolkit for all platforms contains a vulnerability in the update-ldcache hook↗2025-07-17

▶

📋Vendor Advisories

Red Hat

nvidia-container-toolkit: NVIDIA Container Toolkit Link Following Vulnerability↗2025-07-17

▶