CVE-2025-23267

HIGH

Nvidia-container-toolkit < 1.17.8 - Symlink Following

Description

NVIDIA Container Toolkit for all platforms contains a vulnerability in the update-ldcache hook, where an attacker could cause the hook to follow a link by using a specially crafted container image. A successful exploit of this vulnerability might lead to data tampering and denial of service.

Scores

CVSS v3: 8.5
EPSS: 0.0013
EPSS Percentile: 31.4%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H

CISA SSVC

Source: Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial

Details

CWE: CWE-59
Status: published
Products (6):
NVIDIA/Container Toolkit NVIDIA Container Toolkit All versions up to and including 1.17.7 (CDI mode only for versions prior t
NVIDIA/Container Toolkit NVIDIA GPU Operator All versions up to and including 25.3.0 (CDI mode only for versions prior to 25.
NVIDIA/gpu-operator 0 - 25.3.2 (Go)
NVIDIA/k8s-device-plugin 0 - 0.17.3 (Go)
NVIDIA/mig-parted 0 - 0.12.2 (Go)
NVIDIA/nvidia-container-toolkit 0 - 1.17.8 (Go)
Published: Jul 17, 2025
Tracked Since: Feb 18, 2026