CVE-2025-23266

NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial of service.

CVSS v3 9.0 CRITICAL

9.0^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 6.0

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/5659
https://kidbomb.github.io/posts/nvidia-container-escape-cve-2025-23266/
https://news.ycombinator.com/item?id=44818412
https://www.wiz.io/blog/nvidia-ai-vulnerability-cve-2025-23266-nvidiascape

Configurations

No configuration.

History

08 Aug 2025, 19:15

Type	Values Removed	Values Added
References		() https://kidbomb.github.io/posts/nvidia-container-escape-cve-2025-23266/ - () https://news.ycombinator.com/item?id=44818412 - () https://www.wiz.io/blog/nvidia-ai-vulnerability-cve-2025-23266-nvidiascape -
Summary		(es) NVIDIA Container Toolkit para todas las plataformas contiene una vulnerabilidad en algunos ganchos utilizados para inicializar el contenedor, donde un atacante podría ejecutar código arbitrario con permisos elevados. Explotar esta vulnerabilidad podría provocar una escalada de privilegios, manipulación de datos, divulgación de información y denegación de servicio.

17 Jul 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-17 20:15

Updated : 2025-08-08 19:15

NVD link : CVE-2025-23266

Mitre link : CVE-2025-23266

CVE.ORG link : CVE-2025-23266

JSON object : View

Products Affected

No product.

CWE

CWE-426

Untrusted Search Path

9.0 /10