CVE-2025-23359

CWE-367 | 5 documents | 5 sources
Severity: 8.1 HIGH
EPSS: 3.7% (top 12.10%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 12

Description

NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, where a crafted container image could gain access to the host file system. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Exploitability: 1.6 | Impact: 6.0

Affected Packages (4 packages)

CVEListV5 | nvidia/container_toolkit | All versions up to and including 1.17.3
CVEListV5 | nvidia/gpu_operator | All versions up to and including 24.9.1

🔴 Vulnerability Details (2)

GHSA | 2025-02-12
GHSA-4hmh-pm5p-9j7j: NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, where a crafted c
CVEList | 2025-02-12
CVE-2025-23359: NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, where a crafted c

📋 Vendor Advisories (2)

Red Hat | 2025-02-12
nvidia-container-toolkit: TOCTOU Vulnerability in NVIDIA Container Toolkit
Microsoft | 2025-02-11
NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, where a crafted container image could gain access to the host file
CVE-2025-23359 (HIGH CVSS 8.1) | NVIDIA Container Toolkit for Linux | cvebase.io