Detections
Analytics

CVE-2025-23266

critical

Description

NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial of service.

References

https://www.infosecurity-magazine.com/news/vulnerabilities-nvidias-triton/

https://www.wiz.io/blog/nvidia-triton-cve-2025-23319-vuln-chain-to-ai-server

https://www.securityweek.com/critical-nvidia-toolkit-flaw-exposes-ai-cloud-services-to-hacking/

https://thehackernews.com/2025/07/critical-nvidia-container-toolkit-flaw.html

https://www.wiz.io/blog/nvidia-ai-vulnerability-cve-2025-23266-nvidiascape

https://nvidia.custhelp.com/app/answers/detail/a_id/5659

https://news.ycombinator.com/item?id=44818412

https://kidbomb.github.io/posts/nvidia-container-escape-cve-2025-23266/

Details

Source: Mitre, NVD

Published: 2025-07-17

Updated: 2025-08-08

Named Vulnerability: NVIDIAScape

Risk Information

CVSS v2

Base Score: 7.7

Vector: CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9

Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00023