NVIDIA's Container Toolkit Contains a Flaw, Enabling Unauthorized High-Level Code Execution
In a recent security alert, NVIDIA has announced the discovery of two critical vulnerabilities, CVE-2025-23266 and CVE-2025-23267, in its Container Toolkit and GPU Operator. These vulnerabilities pose a significant threat to containerized environments and require immediate attention.
CVE-2025-23266, classified under CWE-426 (untrusted search path), affects certain hooks used to initialize containers. The flaw could allow arbitrary code execution with elevated permissions, potentially leading to privilege escalation, data tampering, information disclosure, and denial of service.
On the other hand, CVE-2025-23267 falls under CWE-59 (improper link resolution before file access) and affects the update-ldcache hook. It allows link following attacks using specially crafted container images, leading to data tampering and denial of service. Both vulnerabilities receive high severity ratings, with CVE-2025-23266 receiving a CVSS v3.1 base score of 9.0 and CVE-2025-23267 a score of 8.5.
Nir Ohfeld and Shir Tamari from Trend Zero Day Initiative, and Lei Wang and Min Yao from Nebula Security Lab at Huawei Cloud, are credited with discovering these vulnerabilities.
To address these critical issues, NVIDIA strongly recommends installing the security updates as described in the official NVIDIA Container Toolkit and GPU Operator documentation. For the Container Toolkit, users should upgrade to version 1.17.8 or later, as the vulnerabilities affect all versions up to 1.17.7. For the GPU Operator, users should update to version 25.3.1 or later, as it is vulnerable up to version 25.3.0.
Where an immediate upgrade is not possible, Container Toolkit users can apply the documented mitigation by editing the /etc/nvidia-container-toolkit/config.toml file and setting the features.disable-cuda-compat-lib-hook feature flag to true. GPU Operator users can apply the equivalent mitigation through Helm installation arguments.
Note that in CDI mode only specific versions of the Container Toolkit and GPU Operator are affected, not every version. Across all platforms, the affected releases are Container Toolkit versions up to 1.17.7 and GPU Operator versions up to 25.3.0.
If immediate upgrades are not possible, NVIDIA recommends applying available mitigation strategies detailed in their official Container Toolkit and GPU Operator documentation to harden environments against these exploits.
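As an added illustration (this script is not from the article or from NVIDIA), the following POSIX shell checks an installed Container Toolkit version against the fixed release stated above and, for a vulnerable release, whether the documented mitigation flag is set in config.toml. The helper names (version_ge, mitigation_set, check_toolkit), the sample version string and the sample config file are constructed for this example; on a real host the version would come from the installed package and the path would be /etc/nvidia-container-toolkit/config.toml.

```shell
#!/bin/sh
# Added example, not NVIDIA's or the article's code: decide whether a host running the
# NVIDIA Container Toolkit is on a fixed release or, failing that, has the advisory's
# mitigation flag (features.disable-cuda-compat-lib-hook = true) in its config.toml.

FIXED_TOOLKIT_VERSION="1.17.8"   # first fixed release named in the advisory

# version_ge A B: succeed when dotted version A is >= B, comparing numeric fields.
# A leading "v" and any package suffix ("1.17.8-1", "1.17.8~rc1") are ignored.
version_ge() {
  v1=$(printf '%s' "$1" | sed 's/^v//; s/[^0-9.].*//' | tr '.' ' ')
  v2=$(printf '%s' "$2" | sed 's/^v//; s/[^0-9.].*//' | tr '.' ' ')
  set -- $v1
  a1=${1:-0}; a2=${2:-0}; a3=${3:-0}
  set -- $v2
  b1=${1:-0}; b2=${2:-0}; b3=${3:-0}
  for pair in "$a1:$b1" "$a2:$b2" "$a3:$b3"; do
    x=${pair%%:*}; y=${pair##*:}
    [ "$x" -gt "$y" ] && return 0
    [ "$x" -lt "$y" ] && return 1
  done
  return 0
}

# mitigation_set FILE: succeed when FILE sets disable-cuda-compat-lib-hook = true either
# under a [features] table or as the dotted key features.disable-cuda-compat-lib-hook.
# Only the TOML boolean true counts; "false", a quoted string or another table does not.
mitigation_set() {
  [ -r "$1" ] || return 1
  awk '
    /^[ \t]*\[/ { section = $0
                  sub(/^[ \t]*\[/, "", section); sub(/].*$/, "", section); next }
    /^[ \t]*(features\.)?disable-cuda-compat-lib-hook[ \t]*=/ {
      dotted = ($0 ~ /^[ \t]*features\./)
      val = $0
      sub(/^[^=]*=[ \t]*/, "", val)   # keep what follows "="
      sub(/[ \t]*#.*$/, "", val)       # drop a trailing comment
      sub(/[ \t]+$/, "", val)
      if ((section == "features" || dotted) && val == "true") found = 1
    }
    END { exit found ? 0 : 1 }
  ' "$1"
}

# check_toolkit VERSION CONFIG: exit 0 when the host is on a fixed release or is on a
# vulnerable release with the mitigation flag set; exit 1 when neither holds.
check_toolkit() {
  if version_ge "$1" "$FIXED_TOOLKIT_VERSION"; then
    echo "toolkit $1: fixed release, no action needed"
    return 0
  elif mitigation_set "$2"; then
    echo "toolkit $1: vulnerable release but mitigation flag set in $2; upgrade when possible"
    return 0
  fi
  echo "toolkit $1: VULNERABLE, no mitigation in $2; upgrade to $FIXED_TOOLKIT_VERSION or later"
  return 1
}

# Demo on constructed input (not a real host): a vulnerable 1.17.7 install that has the
# mitigation applied. Replace the version with the one your package manager reports and
# the path with /etc/nvidia-container-toolkit/config.toml to check a real system.
SAMPLE_CONFIG=$(mktemp)
cat > "$SAMPLE_CONFIG" <<'EOF'
[features]
disable-cuda-compat-lib-hook = true   # constructed sample, mirrors the advisory's mitigation
EOF
if check_toolkit "1.17.7" "$SAMPLE_CONFIG"; then :; fi
rm -f "$SAMPLE_CONFIG"
```

The version comparison is numeric per field, so 1.17.10 correctly ranks above 1.17.8, and the config check insists on the key living under [features] (or carrying the features. prefix) so that the same key name in an unrelated table is not mistaken for the mitigation.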
In summary, prompt upgrading of the NVIDIA Container Toolkit and GPU Operator is crucial to prevent exploitation of these vulnerabilities in containerized environments. The following table outlines the vulnerable versions and the fixed versions for each product:
| Product | Vulnerable Up To | Fixed Version |
|---|---|---|
| NVIDIA Container Toolkit | 1.17.7 | 1.17.8+ |
| NVIDIA GPU Operator | 25.3.0 | 25.3.1+ |
For cloud and data-center operators, the security alert covering CVE-2025-23266 and CVE-2025-23267 in NVIDIA's Container Toolkit and GPU Operator carries significant weight: both vulnerabilities are rated high severity and can lead to privilege escalation, data tampering, information disclosure, and denial of service, making them a serious concern for anyone relying on containerized GPU environments.