Arbitrary Code Execution Vulnerability in NVIDIA Container Toolkit
CVE-2025-23266

9CRITICAL

Key Information:

Vendor

Nvidia
Status
Container Toolkit
Vendor
CVE Published:
17 July 2025

Badges

📈 Score: 729👾 Exploit Exists📰 News Worthy

What is CVE-2025-23266?

CVE-2025-23266 is a critical vulnerability found in the NVIDIA Container Toolkit, a tool used to manage containers and their interactions with NVIDIA hardware. This toolkit enables developers to run GPU-accelerated applications in isolated environments, essential for tasks ranging from machine learning to high-performance computing. The vulnerability arises from flaws in specific hooks utilized during container initialization, allowing attackers to execute arbitrary code with elevated privileges. Such an exploit could undermine the integrity of systems utilizing this toolkit, jeopardizing sensitive data and potentially leading to unauthorized control over containerized applications.

Potential impact of CVE-2025-23266

  1. Privilege Escalation: Attackers could exploit this vulnerability to gain elevated permissions, allowing them to execute malicious actions that normal users would not be able to perform, ultimately compromising the system's security.

  2. Data Tampering: With the ability to execute arbitrary code, malicious actors could alter or corrupt data within the affected containers, leading to significant operational disruptions and data integrity issues.

  3. Denial of Service: An exploit could lead to a denial of service condition, where legitimate users are unable to access necessary applications and services, hindering organizational productivity and increasing downtime costs.

Affected Version(s)

Container Toolkit Linux NVIDIA Container Toolkit All versions up to and including 1.17.7 (CDI mode only for versions prior to 1.17.5)

Container Toolkit Linux NVIDIA GPU Operator All versions up to and including 25.3.0 (CDI mode only for versions prior to 25.3.0)

News Articles

favicon imageDataconomy

A critical flaw in Nvidia’s toolkit allows AI container escapes

Cybersecurity researchers at Wiz identified a critical vulnerability, NVIDIAScape (CVE-2025-23266), within the NVIDIA Container Toolkit. This flaw permits

2 weeks ago

favicon imageTechRepublic

Critical Flaw in NVIDIA AI Toolkit Flaw Puts Cloud Services at Risk

A critical flaw in NVIDIA's AI container toolkit (CVE-2025-23266) allows full host takeover, posing serious risks to cloud-based AI services.

2 weeks ago

favicon imageCyber Press

New Exploit Proof-of-Concept Targets Critical NVIDIA AI Container Bug

A critical security flaw in the NVIDIA Container Toolkit (NCT) the foundational software powering many cloud-based AI and GPU services.

3 weeks ago

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5659

CVSS V3.1

Score:
9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • 👾

    Exploit known to exist

  • 📰

    First article discovered by Cyber Press

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-23266 : Arbitrary Code Execution Vulnerability in NVIDIA Container Toolkit