Arbitrary Code Execution Vulnerability in NVIDIA Container Toolkit
CVE-2025-23266
What is CVE-2025-23266?
CVE-2025-23266 is a critical vulnerability found in the NVIDIA Container Toolkit, a tool used to manage containers and their interactions with NVIDIA hardware. This toolkit enables developers to run GPU-accelerated applications in isolated environments, essential for tasks ranging from machine learning to high-performance computing. The vulnerability arises from flaws in specific hooks utilized during container initialization, allowing attackers to execute arbitrary code with elevated privileges. Such an exploit could undermine the integrity of systems utilizing this toolkit, jeopardizing sensitive data and potentially leading to unauthorized control over containerized applications.
Potential impact of CVE-2025-23266
-
Privilege Escalation: Attackers could exploit this vulnerability to gain elevated permissions, allowing them to execute malicious actions that normal users would not be able to perform, ultimately compromising the system's security.
-
Data Tampering: With the ability to execute arbitrary code, malicious actors could alter or corrupt data within the affected containers, leading to significant operational disruptions and data integrity issues.
-
Denial of Service: An exploit could lead to a denial of service condition, where legitimate users are unable to access necessary applications and services, hindering organizational productivity and increasing downtime costs.
Affected Version(s)
Container Toolkit Linux NVIDIA Container Toolkit All versions up to and including 1.17.7 (CDI mode only for versions prior to 1.17.5)
Container Toolkit Linux NVIDIA GPU Operator All versions up to and including 25.3.0 (CDI mode only for versions prior to 25.3.0)