Detections
Analytics

CVE-2025-23359

high

Description

NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, where a crafted container image could gain access to the host file system. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

References

https://www.darkreading.com/cloud-security/nvidia-container-bug-harden-kubernetes

https://www.darkreading.com/cloud-security/buggy-nvdia-patch-exposes-ai-models-critical-infrastructure

https://thehackernews.com/2025/04/incomplete-patch-in-nvidia-toolkit.html

https://thehackernews.com/2025/02/researchers-find-new-exploit-bypassing.html

https://www.wiz.io/blog/nvidia-ai-vulnerability-deep-dive-cve-2024-0132

https://nvidia.custhelp.com/app/answers/detail/a_id/5616

Details

Source: Mitre, NVD

Published: 2025-02-12

Updated: 2025-04-11

Risk Information

CVSS v2

Base Score: 7.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.3

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00044