CVE-2025-23359
HIGHNVIDIA Container Toolkit < 1.17.4 and NVIDIA GPU Operator < 24.9.2 - Time-of-Check Time-of-Use Race Condition
Title source: llmDescription
NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, where a crafted container image could gain access to the host file system. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
References (2)
Core 2
Core References
Vendor Advisory
https://nvidia.custhelp.com/app/answers/detail/a_id/5616
Exploit, Press/Media Coverage
https://thehackernews.com/2025/04/incomplete-patch-in-nvidia-toolkit.html
Scores
CVSS v3
8.3
EPSS
0.0336
EPSS Percentile
87.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-367
Status
published
Products (2)
nvidia/nvidia_container_toolkit
< 1.17.4
nvidia/nvidia_gpu_operator
< 24.9.2
Published
Feb 12, 2025
Tracked Since
Feb 18, 2026