CVE-2025-23266

CVSS v3.1

9.0

Critical

Vector

AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

NVIDIA Container Toolkit versions up to 1.17.7 GPU Operator versions up to 25.3.0 NVIDIA Container Toolkit versions 1.17.8 and 25.3.1 are fixed.

Description

A critical vulnerability (CVE-2025-23266), dubbed “NVIDIAScape”, exists in the NVIDIA Container Toolkit and GPU Operator. This vulnerability allows attackers to escape containers and potentially gain root access on the host system. The flaw is due to a misconfiguration related to the handling of Open Container Initiative (OCI) hooks. Exploitation can be achieved with a simple three-line Dockerfile. Approximately 37% of cloud services are estimated to be affected. Successful exploitation could lead to privilege escalation, information disclosure, data tampering, and denial of service.

Recommendations

NVIDIA Container Toolkit versions prior to 1.17.8 are vulnerable. GPU Operator versions prior to 25.3.1 are vulnerable.

Fix

DoS

LPE

Untrusted Search Path

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-426

Related Identifiers

ALSA-2025:13673

ALSA-2025:13674

AZL-65648

AZL-65651

BDU:2025-08697

CVE-2025-23266

GHSA-VMG3-7V43-9G23

GO-2025-3992

INFSA-2025_13673

OPENSUSE-SU-2025:15666-1

RHSA-2025:13673

RHSA-2025:13674

RHSA-2025_13673

SUSE-SU-2025:3799-1

SUSE-SU-2025:4187-1

ZDI-25-626

ZDI-25-833

Affected Products

Almalinux

Nvidia Container Toolkit

Red Hat

Red Os

Suse

CVE-2025-23266

Weakness Enumeration

Related Identifiers

Affected Products

References · 145