NVIDIA has released critical security updates addressing two significant vulnerabilities in its Container Toolkit and GPU Operator that could allow attackers to execute arbitrary code with elevated permissions.
The vulnerabilities, identified as CVE-2025-23266 and CVE-2025-23267, affect all platforms running NVIDIA Container Toolkit versions up to 1.17.7 and GPU Operator versions up to 25.3.0.
Key Takeaways
1. NVIDIA Container Toolkit vulnerabilities allow arbitrary code execution with elevated permissions.
2. Affects all versions up to 1.17.7 (Container Toolkit) and 25.3.0 (GPU Operator).
3. Update to versions 1.17.8/25.3.1 or disable the enable-cuda-compat hook.
These security flaws pose serious risks including privilege escalation, data tampering, information disclosure, and denial of service attacks.
Critical Container Vulnerabilities
The most severe vulnerability, CVE-2025-23266, carries a CVSS v3.1 base score of 9.0, categorizing it as critical severity.
This vulnerability exists in some hooks used to initialize containers, where an attacker could execute arbitrary code with elevated permissions.
The attack vector is described as "AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H," indicating adjacent network access with low attack complexity. The vulnerability is classified under CWE-426, which covers untrusted search path issues.
The second vulnerability, CVE-2025-23267, receives a high severity rating with a CVSS score of 8.5. This flaw affects the update-ldcache hook, where attackers could cause link following attacks using specially crafted container images.
The vulnerability falls under CWE-59, representing improper link resolution before file access.
Both vulnerabilities were discovered through responsible disclosure, with CVE-2025-23266 reported by Nir Ohfeld and Shir Tamari from Trend Zero Day Initiative, and CVE-2025-23267 identified by Lei Wang and Min Yao from Nebula Security Lab at Huawei Cloud.
| CVE ID | Title | Affected Products | CVSS 3.1 Score | Severity |
|---|---|---|---|---|
| CVE-2025-23266 | Arbitrary code execution with elevated permissions in container initialization hooks | NVIDIA Container Toolkit (all versions up to 1.17.7); NVIDIA GPU Operator (all versions up to 25.3.0) | 9.0 | Critical |
| CVE-2025-23267 | Link following vulnerability in update-ldcache hook | NVIDIA Container Toolkit (all versions up to 1.17.7); NVIDIA GPU Operator (all versions up to 25.3.0) | 8.5 | High |
Security Updates
NVIDIA has released updated versions to address these vulnerabilities. The NVIDIA Container Toolkit requires updating to version 1.17.8 from all previous versions up to 1.17.7.
For the NVIDIA GPU Operator on Linux platforms, users must upgrade to version 25.3.1 from all versions up to 25.3.0. Notably, the CDI mode vulnerability affects only versions prior to 1.17.5 for Container Toolkit and prior to 25.3.0 for GPU Operator.
Organizations can implement immediate mitigations by disabling the vulnerable enable-cuda-compat hook.
For NVIDIA Container Runtime users, this involves editing the /etc/nvidia-container-toolkit/config.toml file and setting the features.disable-cuda-compat-lib-hook feature flag to true.
GPU Operator users can apply the mitigation through Helm install arguments.
NVIDIA strongly recommends installing the security updates as described in the official NVIDIA Container Toolkit and GPU Operator documentation.
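The script below is an added example, not code from this article or from NVIDIA. It classifies a host as patched, mitigated, or vulnerable from the installed Container Toolkit version and the config.toml flag described above. The function names, the `--live` switch, the placement of the flag in a `[features]` table, and the `nvidia-ctk --version` output format are assumptions of this example.

```shell
#!/bin/sh
# Added example (not NVIDIA's code): classify a host against the advisory.
FIXED_VERSION="1.17.8"                          # first fixed Container Toolkit release
CONFIG="/etc/nvidia-container-toolkit/config.toml"

# True (0) if version $1 is strictly older than $2. Needs GNU sort for -V.
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
}

# True (0) if TOML file $1 sets disable-cuda-compat-lib-hook = true under
# [features]. Commented-out lines and other tables do not count.
# Assumption: the dotted flag name maps to a [features] table.
mitigation_enabled() {
    awk '
        /^[ \t]*\[/ { in_features = ($0 ~ /^[ \t]*\[features\][ \t]*(#.*)?$/) }
        in_features && /^[ \t]*disable-cuda-compat-lib-hook[ \t]*=[ \t]*true[ \t]*(#.*)?$/ { found = 1 }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Print patched | mitigated | vulnerable for installed version $1, config $2.
# "mitigated" means only that the interim hook-disable flag is set; the
# upgrade is still required.
assess() {
    if ! version_lt "$1" "$FIXED_VERSION"; then
        echo "patched"
    elif [ -r "$2" ] && mitigation_enabled "$2"; then
        echo "mitigated"
    else
        echo "vulnerable"
    fi
}

# Live check, run as: sh audit.sh --live
# Assumption: `nvidia-ctk --version` prints the version as x.y.z on some line.
if [ "${1:-}" = "--live" ]; then
    installed=$(nvidia-ctk --version 2>/dev/null | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n1)
    [ -n "$installed" ] || { echo "nvidia-ctk not found or version unreadable"; exit 2; }
    echo "toolkit $installed: $(assess "$installed" "$CONFIG")"
fi
```

The version comparison is numeric per component, so 1.17.10 is correctly treated as newer than 1.17.8. A flag written as a single dotted key outside a `[features]` table is not recognised by this check.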