A critical container escape vulnerability, CVE-2025-23266, has been discovered in the NVIDIA Container Toolkit, posing a significant risk to AI cloud services. The flaw allows attackers to execute arbitrary code with elevated permissions, potentially leading to privilege escalation and data theft. #NVIDIAScape #CVE-2025-23266
Keypoints
- The vulnerability affects all versions of NVIDIA Container Toolkit up to 1.17.7 and GPU Operator up to 25.3.0.
- It stems from a misconfiguration in handling the OCI โcreateContainerโ hook, which can be exploited easily.
- Attackers can use a simple three-line Dockerfile to load malicious libraries and escape the container environment.
- The flaw impacts approximately 37% of cloud environments using NVIDIAโs tools, risking data breaches and server takeovers.
- NVIDIA released updates in versions 1.17.8 and 25.3.1 to address the vulnerability, but ongoing risks remain for unpatched systems.
Read More: https://thehackernews.com/2025/07/critical-nvidia-container-toolkit-flaw.html