9
CVE-2025-23266
- EPSS 0.06%
- Published 17.07.2025 19:08:21
- Last modified 16.08.2025 22:15:25
- Source psirt@nvidia.com
- Teams watchlist Login
- Open Login
NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial of service.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users. Login
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorNVIDIA
≫
Product
Container Toolkit
Default Statusunaffected
Version
NVIDIA Container Toolkit All versions up to and including 1.17.7 (CDI mode only for versions prior to 1.17.5)
Status
affected
Version
NVIDIA GPU Operator All versions up to and including 25.3.0 (CDI mode only for versions prior to 25.3.0)
Status
affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.06% | 0.198 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| psirt@nvidia.com | 9 | 2.3 | 6 |
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
|
CWE-426 Untrusted Search Path
The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.