Summary: Cybersecurity researchers identified a critical bypass vulnerability (CVE-2025-23359) in the NVIDIA Container Toolkit that allows attackers to break container isolation and gain full access to the host system. This flaw affects multiple versions of the NVIDIA Container Toolkit and GPU Operator, with a CVSS score of 8.3. Users are advised to upgrade to fixed versions to mitigate the risk associated with this vulnerability.
Affected: NVIDIA Container Toolkit, NVIDIA GPU Operator
Keypoints :
- Vulnerability allows mounting of the host’s root file system into a container, granting unfettered access.
- The exploit may lead to code execution, privilege escalation, denial of service, and data tampering.
- Access can be made read-write by interacting with Unix sockets to spawn privileged containers.
- Update to version 1.17.4 of the Container Toolkit and 24.9.2 of the GPU Operator to mitigate the issue.
- Avoid disabling the “–no-cntlibs” flag in production environments for added security.
Source: https://thehackernews.com/2025/02/researchers-find-new-exploit-bypassing.html