CVE-2025-23266_CVE-2025-23266

9 / 10

CRITICAL

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Description

NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial of service.

Basic Information

ID CVE-2025-23266

Source nvidia

Published Jul 17, 2025 at 19:08

Modified Aug 8, 2025 at 18:50

Affected Product

Vendor NVIDIA

Product Container Toolkit

Version NVIDIA Container Toolkit All versions up to and including 1.17.7 (CDI mode only for versions prior to 1.17.5)

Affected Versions NVIDIA Container Toolkit NVIDIA Container Toolkit All versions up to and including 1.17.7 (CDI mode only for versions prior to 1.17.5)
NVIDIA Container Toolkit NVIDIA GPU Operator All versions up to and including 25.3.0 (CDI mode only for versions prior to 25.3.0)

CWE Classification

CWE-426

References

nvidia.custhelp.com /app/answers/detail/a_id/5659

{
    "lastseen": "",
    "description": "NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial of service.",
    "published": "2025-07-17T19:08:21.352Z",
    "modified": "2025-08-08T18:50:22.036Z",
    "type": "cve",
    "title": "CVE-2025-23266",
    "source": "nvidia",
    "references": "https://nvidia.custhelp.com/app/answers/detail/a_id/5659",
    "id": "CVE-2025-23266",
    "bulletinFamily": "",
    "cwe": [
        "CWE-426"
    ],
    "cvelist": null,
    "sourceData": "NVIDIA Container Toolkit NVIDIA Container Toolkit All versions up to and including 1.17.7 (CDI mode only for versions prior to 1.17.5)\nNVIDIA Container Toolkit NVIDIA GPU Operator All versions up to and including 25.3.0 (CDI mode only for versions prior to 25.3.0)",
    "sourceHref": "",
    "cvss": {
        "score": 9,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Container Toolkit",
    "version": "NVIDIA Container Toolkit All versions up to and including 1.17.7 (CDI mode only for versions prior to 1.17.5)",
    "vendor": "NVIDIA",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}