NVIDIA has issued an urgent security bulletin addressing two critical vulnerabilities in its Container Toolkit and GPU Operator software.
The vulnerabilities, discovered by security researchers and assigned CVE-2025-23266 and CVE-2025-23267, pose significant risks, including privilege escalation and denial of service attacks.
The company has released updated versions and provided interim mitigations for users who cannot upgrade immediately.
Critical Vulnerabilities Discovered
The most severe vulnerability, CVE-2025-23266, carries a CVSS v3.1 base score of 9.0, marking it as critical severity.
This flaw exists in initialization hooks used by the Container Toolkit across all platforms, where attackers could execute arbitrary code with elevated permissions.
The vulnerability follows the CWE-426 pattern and enables escalation of privileges, data tampering, information disclosure, and denial of service attacks.
The second vulnerability, CVE-2025-23267, carries a high severity rating with a CVSS score of 8.5.
This flaw affects the update-ldcache hook, allowing attackers to exploit link following through specially crafted container images.
Classified under CWE-59, successful exploitation could lead to data tampering and denial of service.
Affected Products and Updates
NVIDIA Container Toolkit versions up to and including 1.17.7 are affected by both vulnerabilities, with the updated secure version being 1.17.8.
For users running Container Runtime in CDI mode, only versions before 1.17.5 are impacted by the critical vulnerability.
The NVIDIA GPU Operator for Linux platforms faces similar exposure, with all versions up to 25.3.0 requiring updates to the newly released 25.3.1.
Red Hat Enterprise Linux and OpenShift users must specifically target the v1.17.8-ubi8 tag when implementing fixes.
Mitigation Strategies Available
For organizations unable to upgrade immediately, NVIDIA provides a temporary mitigation: disabling the vulnerable enable-cuda-compat hook.
Users of NVIDIA Container Runtime in legacy mode can set the following in the /etc/nvidia-container-toolkit/config.toml file:

```toml
[features]
disable-cuda-compat-lib-hook = true
```
GPU Operator users can apply the same mitigation through Helm deployment parameters:

```bash
--set "toolkit.env[0].name=NVIDIA_CONTAINER_TOOLKIT_OPT_IN_FEATURES" \
--set "toolkit.env[0].value=disable-cuda-compat-lib-hook"
```
Organizations running GPU Operator versions before 25.3.1 can deploy the secure Container Toolkit version directly using:

```bash
--set "toolkit.version=v1.17.8-ubuntu20.04"
```
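As an added example (not tooling from the NVIDIA bulletin), the following shell script encodes the two checks above for a legacy-mode host: is the installed toolkit at least 1.17.8, and if not, does config.toml actually carry the temporary mitigation. It assumes the version string is the toolkit's dotted release number and that the config text comes from /etc/nvidia-container-toolkit/config.toml; the sample config is constructed.

```bash
#!/bin/sh
# Added example: triage a host for the Container Toolkit bulletin.
# Assumes legacy mode (the config.toml mitigation applies there).

# Return 0 if dotted version $1 is strictly lower than $2.
version_lt() {
    [ "$1" = "$2" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n1)
    [ "$lowest" = "$1" ]
}

# Return 0 if the TOML text on stdin sets disable-cuda-compat-lib-hook = true
# inside the [features] table. Comment lines and stray whitespace are ignored,
# so a commented-out or misplaced setting does not count as mitigated.
mitigation_enabled() {
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]*\[/ { in_features = ($0 ~ /^[ \t]*\[features\][ \t]*$/); next }
        in_features && $0 ~ /^[ \t]*disable-cuda-compat-lib-hook[ \t]*=[ \t]*true[ \t]*$/ { found = 1 }
        END { exit found ? 0 : 1 }
    '
}

# assess VERSION CONFIG_TEXT -> prints patched | mitigated | vulnerable
assess() {
    if ! version_lt "$1" "1.17.8"; then
        echo patched
    elif printf '%s\n' "$2" | mitigation_enabled; then
        echo mitigated      # hook disabled; the upgrade is still required
    else
        echo vulnerable
    fi
}

# Constructed sample standing in for /etc/nvidia-container-toolkit/config.toml
SAMPLE_CONFIG='[nvidia-container-cli]
environment = []

[features]
disable-cuda-compat-lib-hook = true
'

assess "1.17.8" ""                                      # patched
assess "1.17.7" "$SAMPLE_CONFIG"                        # mitigated
assess "1.17.7" "# disable-cuda-compat-lib-hook = true" # vulnerable
```

Run it against the real file with `assess "$(nvidia-ctk --version | grep -o '[0-9][0-9.]*' | head -n1)" "$(cat /etc/nvidia-container-toolkit/config.toml)"`, adjusting the version extraction to whatever your toolkit prints.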
The vulnerabilities were responsibly disclosed by Nir Ohfeld and Shir Tamari working with Trend Zero Day Initiative, and Lei Wang and Min Yao from Nebula Security Lab at Huawei Cloud.
NVIDIA recommends immediate patching and advises users to consult the official Container Toolkit and GPU Operator documentation for complete installation guidance.