Researchers at cloud security firm Wiz have found a critical vulnerability in Nvidia's Container Toolkit and warned that it will probably pose a serious threat to managed AI cloud providers.
The vulnerability has been dubbed NVIDIAScape and is officially tracked as CVE-2025-23266. The flaw was demonstrated earlier this year at the Pwn2Own Berlin hacking competition by Wiz researchers, who earned $30,000 for their exploit.
Nvidia informed customers about the vulnerability and the availability of a patch in an advisory published last week. The vendor says this critical vulnerability (CVSS score of 9.0) can allow privilege escalation, information disclosure, data tampering and DoS attacks.
The Nvidia Container Toolkit is designed for building and running GPU-accelerated containers, and Wiz says it is often used by major cloud providers for managed AI services.
According to Wiz, CVE-2025-23266 is caused by a misconfiguration related to the handling of Open Container Initiative (OCI) hooks, which enable users to define and execute actions at specified points in a container's lifecycle.
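As an added illustration of the OCI hooks mentioned above (not code from Wiz or Nvidia), the following Python audit inventories every hook declared in an OCI runtime `config.json`, marks the stages that the OCI runtime specification executes in the runtime (host) namespace, and flags hook binaries outside an allowlist. The trusted directory list, the hook paths and the sample config are constructed assumptions.

```python
import json
import posixpath

# Lifecycle stages defined by the OCI runtime specification.
HOOK_STAGES = ("prestart", "createRuntime", "createContainer",
               "startContainer", "poststart", "poststop")
# Stages the specification executes in the runtime (host) namespace.
HOST_STAGES = {"prestart", "createRuntime", "poststart", "poststop"}
# Assumption: directories this host's operators trust for hook binaries.
TRUSTED_DIRS = ("/usr/bin/", "/usr/local/bin/")

def audit_hooks(config_text, trusted_dirs=TRUSTED_DIRS):
    """Return one finding per hook declared in an OCI config.json."""
    hooks = json.loads(config_text).get("hooks") or {}
    findings = []
    for stage in HOOK_STAGES:
        for hook in hooks.get(stage) or []:
            raw = hook.get("path", "")
            # Normalise first so "/usr/bin/../../tmp/x" cannot pass the prefix check.
            path = posixpath.normpath(raw) if raw else ""
            issues = []
            if not path.startswith("/"):
                issues.append("path is not absolute")
            elif not path.startswith(tuple(trusted_dirs)):
                issues.append("binary outside trusted directories")
            if "timeout" not in hook:
                issues.append("no timeout set")
            findings.append({"stage": stage, "path": path,
                             "host_context": stage in HOST_STAGES,
                             "env": hook.get("env", []), "issues": issues})
    return findings

# Constructed sample bundle config; the hook names and paths are hypothetical.
SAMPLE_CONFIG = json.dumps({
    "ociVersion": "1.0.2",
    "hooks": {
        "createRuntime": [{"path": "/usr/bin/example-gpu-hook",
                           "args": ["example-gpu-hook", "setup"], "timeout": 10}],
        "createContainer": [{"path": "/usr/bin/../../tmp/hook.sh",
                             "env": ["EXAMPLE_VAR=1"]}],
    },
})

if __name__ == "__main__":
    for f in audit_hooks(SAMPLE_CONFIG):
        where = "host" if f["host_context"] else "container"
        print(f"{f['stage']:16} {where:9} {f['path']} {f['issues'] or 'ok'}")
```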
The biggest risk is in the case of managed AI cloud services that allow users to run their own containers on shared GPU infrastructure.
The NVIDIAScape vulnerability could be exploited by a malicious container to bypass isolation and gain full root access to the host machine. From the host machine the threat actor may be able to steal or manipulate sensitive data and proprietary AI models of all the other customers using the same hardware.
Wiz has shared technical details on the vulnerability and showed how it can be exploited with a malicious payload and a three-line Dockerfile placed inside a container image.
“This research highlights, not for the first time, that containers are not a strong security barrier and should not be relied upon as the sole means of isolation,” Wiz warned. “When designing applications, especially for multi-tenant environments, one should always ‘assume a vulnerability’ and implement at least one strong isolation barrier, such as virtualization.”