CVE-2025-23266
CRITICAL9.0EPSS 0.17%NVIDIA Container Toolkit for all platforms contains an Untrusted Search Path
Published: 7/17/2025Modified: 2/4/2026
Description
NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial of service.
Affected packages (8)
- Go/github.com/NVIDIA/gpu-operatorfrom 0, < 25.3.2
- Go/github.com/NVIDIA/gpu-operatorfrom 0
- Go/github.com/NVIDIA/k8s-device-pluginfrom 0, < 0.17.3
- Go/github.com/NVIDIA/k8s-device-pluginfrom 0, < 0.17.3
- Go/github.com/NVIDIA/mig-partedfrom 0, < 0.12.2
- Go/github.com/NVIDIA/mig-partedfrom 0, < 0.12.2
- Go/github.com/NVIDIA/nvidia-container-toolkitfrom 0, < 1.17.8
- Go/github.com/NVIDIA/nvidia-container-toolkitfrom 0, < 1.17.8
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.0 | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
References (12)
- ADVISORYhttps://github.com/advisories/GHSA-vmg3-7v43-9g23
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-23266
- WEBhttps://github.com/NVIDIA/gpu-operator
- WEBhttps://github.com/NVIDIA/k8s-device-plugin
- WEBhttps://github.com/NVIDIA/mig-parted
- WEBhttps://github.com/NVIDIA/nvidia-container-toolkit
- WEBhttps://kidbomb.github.io/posts/nvidia-container-escape-cve-2025-23266
- WEBhttps://kidbomb.github.io/posts/nvidia-container-escape-cve-2025-23266-part-2
- WEBhttps://news.ycombinator.com/item?id=44818412
- WEBhttps://nvidia.custhelp.com/app/answers/detail/a_id/5659
- WEBhttps://pkg.go.dev/vuln/GO-2025-3992
- WEBhttps://www.wiz.io/blog/nvidia-ai-vulnerability-cve-2025-23266-nvidiascape