CVE-2025-23359

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-23359
NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, where a crafted container image could gain access to the host file system. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

8.3 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/5616 Vendor Advisory
https://thehackernews.com/2025/04/incomplete-patch-in-nvidia-toolkit.html Exploit Press/Media Coverage
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:nvidia:nvidia_container_toolkit:*:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:nvidia_gpu_operator:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
History

25 Sep 2025, 13:50

Type Values Removed Values Added
First Time Nvidia nvidia Container Toolkit
Linux
Nvidia nvidia Gpu Operator
Linux linux Kernel
Nvidia
CPE cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:nvidia_container_toolkit:*:*:*:*:*:*:*:*
cpe:2.3:a:nvidia:nvidia_gpu_operator:*:*:*:*:*:*:*:*
References () https://nvidia.custhelp.com/app/answers/detail/a_id/5616 - () https://nvidia.custhelp.com/app/answers/detail/a_id/5616 - Vendor Advisory
References () https://thehackernews.com/2025/04/incomplete-patch-in-nvidia-toolkit.html - () https://thehackernews.com/2025/04/incomplete-patch-in-nvidia-toolkit.html - Exploit, Press/Media Coverage

11 Apr 2025, 14:15

Type Values Removed Values Added
References
  • () https://thehackernews.com/2025/04/incomplete-patch-in-nvidia-toolkit.html -
Summary
  • (es) NVIDIA Container Toolkit para Linux contiene una vulnerabilidad de tipo Time-of-Check Time-of-Use (TOCTOU) cuando se utiliza con la configuración predeterminada, donde una imagen de contenedor manipulado podría obtener acceso al archivo host sistema. Una explotación exitosa de esta vulnerabilidad podría provocar la ejecución de código, la denegación de servicio, la escalada de privilegios, la divulgación de información y la manipulación de datos.

12 Feb 2025, 01:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-02-12 01:15

Updated : 2025-09-25 13:50

NVD link : CVE-2025-23359

Mitre link : CVE-2025-23359

CVE.ORG link : CVE-2025-23359

JSON object : View

Products Affected

nvidia

  • nvidia_container_toolkit
  • nvidia_gpu_operator

linux

  • linux_kernel
CWE
CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition