Nirohfeld

**Name of the Vulnerable Software and Affected Versions** NVIDIA Container Toolkit versions up to 1.17.7 GPU Operator versions up to 25.3.0 NVIDIA Container Toolkit versions 1.17.8 and 25.3.1 are fixed. **Description** A critical vulnerability (CVE-2025-23266), dubbed “NVIDIAScape”, exists in the NVIDIA Container Toolkit and GPU Operator. This vulnerability allows attackers to escape containers and potentially gain root access on the host system. The flaw is due to a misconfiguration related to the handling of Open Container Initiative (OCI) hooks. Exploitation can be achieved with a simple three-line Dockerfile. Approximately 37% of cloud services are estimated to be affected. Successful exploitation could lead to privilege escalation, information disclosure, data tampering, and denial of service. **Recommendations** NVIDIA Container Toolkit versions prior to 1.17.8 are vulnerable. GPU Operator versions prior to 25.3.1 are vulnerable.