Critical Vulnerabilities in NVIDIA Container Toolkit Allow Elevated Arbitrary Code Execution

NVIDIA has recently addressed two critical security vulnerabilities in its Container Toolkit and GPU Operator, identified as CVE-2025-23266 and CVE-2025-23267. These flaws could enable attackers to execute arbitrary code with elevated permissions, posing significant risks to systems utilizing these tools.

Overview of the Vulnerabilities

CVE-2025-23266 is a critical vulnerability with a CVSS v3.1 base score of 9.0. It resides in certain hooks used during container initialization; an attacker could exploit the flaw to execute arbitrary code with elevated permissions. Its CVSS vector string is AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H, indicating adjacent network access with low attack complexity, low privileges required, no user interaction, and a changed scope. This vulnerability is classified under CWE-426, which pertains to untrusted search path issues.

CVE-2025-23267 has a high severity rating with a CVSS score of 8.5. This vulnerability affects the update-ldcache hook, where attackers could perform link following attacks using specially crafted container images. It falls under CWE-59, representing improper link resolution before file access.

Affected Versions

The vulnerabilities impact all platforms running NVIDIA Container Toolkit versions up to 1.17.7 and GPU Operator versions up to 25.3.0. Users operating these versions are at risk and should take immediate action to secure their systems.

Potential Risks

Exploitation of these vulnerabilities could lead to:

– Privilege Escalation: Attackers gaining higher-level access than authorized.
– Data Tampering: Unauthorized modification of sensitive data.
– Information Disclosure: Exposure of confidential information.
– Denial of Service Attacks: Disruption of normal system operations.

Discovery and Disclosure

These vulnerabilities were identified through responsible disclosure:

– CVE-2025-23266 was reported by Nir Ohfeld and Shir Tamari from Trend Zero Day Initiative.
– CVE-2025-23267 was discovered by Lei Wang and Min Yao from Nebula Security Lab at Huawei Cloud.

Mitigation and Updates

NVIDIA has released updated versions to address these vulnerabilities:

– NVIDIA Container Toolkit: Update to version 1.17.8 from all previous versions up to 1.17.7.
– NVIDIA GPU Operator: Upgrade to version 25.3.1 from all versions up to 25.3.0.

For immediate mitigation, organizations can disable the vulnerable enable-cuda-compat hook:

– For NVIDIA Container Runtime Users: Edit the `/etc/nvidia-container-toolkit/config.toml` file and set the `features.disable-cuda-compat-lib-hook` feature flag to `true`.

– For GPU Operator Users: Apply mitigation through Helm installation arguments:

```
helm upgrade --install gpu-operator nvidia/gpu-operator --set nvidiaContainerToolkit.config.disable-cuda-compat-lib-hook=true
```

NVIDIA strongly recommends installing these security updates as described in the official NVIDIA Container Toolkit and GPU Operator documentation.

Conclusion

The discovery of CVE-2025-23266 and CVE-2025-23267 underscores the importance of proactive security measures in containerized environments. Organizations utilizing NVIDIA’s Container Toolkit and GPU Operator should promptly update to the latest versions and implement the recommended mitigations to safeguard their systems against potential exploits.