Cybersecurity analysts have identified a critical bypass of a recently patched vulnerability in the NVIDIA Container Toolkit, which can potentially allow malicious actors to escape a container’s isolation and gain unfettered control over the host environment. The vulnerability is designated as CVE-2025-23359, with a CVSS score of 8.3, indicating its severity.

The affected versions include all iterations of the NVIDIA Container Toolkit up to and including 1.17.3, with version 1.17.4 providing the necessary patch. Additionally, the NVIDIA GPU Operator versions preceding 24.9.2 are susceptible and have also been addressed in the newer release.

According to NVIDIA, the vulnerability arises from a Time-of-Check to Time-of-Use (TOCTOU) flaw present in default configurations. A specially crafted container image can exploit it to gain access to the host file system. The consequences of a successful attack may include unauthorized code execution, denial of service, privilege escalation, information disclosure, and data tampering.

Cloud security firm Wiz has elaborated on the technical specifics of this issue, noting that it serves as a bypass for another vulnerability, CVE-2024-0132, addressed by NVIDIA in September 2024. The flaw allows attackers to mount the root file system of the host machine into a container, granting them complete access to all files within it. That access can in turn be used to launch privileged containers and, from there, achieve a full host compromise through the container runtime’s Unix socket.

Wiz’s research team found that the file paths used during mount operations can be manipulated via symbolic links, allowing an attacker to mount a directory from outside the container (the host’s root file system) into a path within “/usr/lib64” inside the container.
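The mechanism described above is a symlink-based path escape: a path that looks like it lies under the container root resolves, once symlinks are followed, to somewhere on the host. The following added example (written for this page, not code from NVIDIA or Wiz) builds a constructed rootfs in a temporary directory in which `usr/lib64` is a symlink pointing outside, then contrasts a naive string-prefix check, a realpath-based check, and a component-by-component open with `O_NOFOLLOW` that refuses any symlink. The last approach also closes the TOCTOU window, because each step is a single `open()` relative to the directory descriptor obtained in the previous step, so there is no separate check that a later use could race against.

```python
import os
import shutil
import tempfile


def naive_is_within_root(root: str, candidate: str) -> bool:
    """Textual check only: normalises '..' but never resolves symlinks. This is the kind of
    check a symlink escape defeats, because the string looks fine while the target is not."""
    return os.path.normpath(candidate).startswith(os.path.normpath(root) + os.sep)


def resolved_is_within_root(root: str, candidate: str) -> bool:
    """Resolve every symlink first, then test containment. Catches the escape, but is still
    check-then-use: the link could be swapped between this call and the later mount/open."""
    real_root = os.path.realpath(root)
    real_candidate = os.path.realpath(candidate)
    return real_candidate == real_root or real_candidate.startswith(real_root + os.sep)


def open_beneath(root: str, relpath: str):
    """Open root/relpath one component at a time, each open() relative to the previous
    directory fd and with O_NOFOLLOW, so any symlink component aborts the walk with an
    OSError (ELOOP). '..' is rejected outright. Returns an fd, or None if the path is unsafe
    or missing. Linux 5.6+ offers openat2(RESOLVE_BENEATH) for the same guarantee in one call."""
    parts = [p for p in relpath.split("/") if p not in ("", ".")]
    if any(p == ".." for p in parts):
        return None
    fd = os.open(root, os.O_RDONLY | os.O_DIRECTORY)
    for i, part in enumerate(parts):
        last = i == len(parts) - 1
        flags = os.O_RDONLY | os.O_NOFOLLOW | (0 if last else os.O_DIRECTORY)
        try:
            nxt = os.open(part, flags, dir_fd=fd)
        except OSError:  # symlink, missing, or not a directory where one is required
            os.close(fd)
            return None
        os.close(fd)
        fd = nxt
    return fd


def build_demo_rootfs():
    """Constructed example layout (not a real container image): rootfs/usr/lib64 is a symlink
    to a 'host' directory that sits outside the rootfs."""
    base = tempfile.mkdtemp(prefix="symlink-demo-")
    host = os.path.join(base, "host")
    rootfs = os.path.join(base, "rootfs")
    os.makedirs(os.path.join(host, "etc"))
    os.makedirs(os.path.join(rootfs, "usr"))
    os.makedirs(os.path.join(rootfs, "lib64-real"))  # a legitimate in-rootfs directory
    os.symlink(host, os.path.join(rootfs, "usr", "lib64"))
    return base, rootfs


def demo() -> dict:
    """Run all three checks against the escaping path and a legitimate path."""
    base, rootfs = build_demo_rootfs()
    try:
        escaping = os.path.join(rootfs, "usr", "lib64", "etc")
        results = {
            "naive_accepts_escape": naive_is_within_root(rootfs, escaping),
            "resolved_accepts_escape": resolved_is_within_root(rootfs, escaping),
            "beneath_accepts_escape": open_beneath(rootfs, "usr/lib64/etc") is not None,
        }
        fd = open_beneath(rootfs, "lib64-real")
        results["beneath_accepts_legit"] = fd is not None
        if fd is not None:
            os.close(fd)
        return results
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The naive check reports the escaping path as safe, while both the resolved check and the descriptor walk reject it; only the descriptor walk is safe to use directly as the open that follows, since its resolution and its use are the same system call sequence.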

Although the access acquired from this exploit initially provides read-only capabilities, adversaries could escalate their privileges by interacting with Unix sockets to spawn new privileged containers, thereby obtaining full access to the host file system.

In their findings, researchers highlighted that this elevated access would empower attackers to monitor network traffic, debug live processes, and perform various operations at the host level.

NVIDIA advises all users of the Container Toolkit to update to the latest version immediately and to refrain from disabling the “--no-cntlibs” flag in production settings to mitigate risks.
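A small audit helper, added here as an example rather than NVIDIA tooling, turns the two pieces of advice above into checks: compare the installed toolkit and GPU Operator versions against the fixed releases the article names (1.17.4 and 24.9.2), and inspect the toolkit’s `config.toml` for the setting that would stop the runtime hook from passing `--no-cntlibs`. The config key `allow-cuda-compat-libs-from-container` under `[features]` is an assumption about how that flag is controlled and should be confirmed against your installed version’s documentation; the sample config text is constructed.

```python
import re

# Fixed releases as stated in the advisory coverage above.
PATCHED_TOOLKIT = (1, 17, 4)
PATCHED_OPERATOR = (24, 9, 2)

# ASSUMPTION: the hook omits --no-cntlibs only when this feature flag is set to true.
CNTLIBS_FEATURE_KEY = "allow-cuda-compat-libs-from-container"

# Constructed sample of a weakened config (not taken from any real host).
WEAK_CONFIG = """
[nvidia-container-cli]
load-kmods = true

[features]
allow-cuda-compat-libs-from-container = true   # disables the --no-cntlibs protection
"""

# Constructed sample of the expected hardened state.
HARDENED_CONFIG = """
[nvidia-container-cli]
load-kmods = true

[features]
allow-cuda-compat-libs-from-container = false
"""


def parse_version(text: str) -> tuple:
    """Extract major.minor.patch from strings such as 'v1.17.3', '1.17.3-1'
    or 'NVIDIA Container Toolkit CLI version 1.17.3'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version number found in {text!r}")
    return tuple(int(x) for x in m.groups())


def toolkit_is_patched(version_text: str) -> bool:
    return parse_version(version_text) >= PATCHED_TOOLKIT


def operator_is_patched(version_text: str) -> bool:
    return parse_version(version_text) >= PATCHED_OPERATOR


def feature_flag(config_toml: str, key: str) -> bool:
    """Minimal section-aware read of a boolean under [features]; avoids a TOML
    dependency and tolerates comments. Returns False when the key is absent."""
    section = None
    for raw in config_toml.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            continue
        if section == "features" and "=" in line:
            k, v = (s.strip() for s in line.split("=", 1))
            if k.strip('"') == key:
                return v.lower() == "true"
    return False


def cntlibs_protection_disabled(config_toml: str) -> bool:
    return feature_flag(config_toml, CNTLIBS_FEATURE_KEY)


def audit(toolkit_version: str, operator_version: str, config_toml: str) -> list:
    """Return a list of findings; an empty list means all three checks passed."""
    findings = []
    if not toolkit_is_patched(toolkit_version):
        findings.append(f"toolkit {toolkit_version} < 1.17.4: update for CVE-2025-23359")
    if not operator_is_patched(operator_version):
        findings.append(f"GPU Operator {operator_version} < 24.9.2: update")
    if cntlibs_protection_disabled(config_toml):
        findings.append(f"[features].{CNTLIBS_FEATURE_KEY} = true: --no-cntlibs is disabled")
    return findings


if __name__ == "__main__":
    for finding in audit("v1.17.3-1", "24.9.1", WEAK_CONFIG):
        print("FINDING:", finding)
    print("hardened host findings:", audit("1.17.4", "24.9.2", HARDENED_CONFIG))
```

On a real host, feed the function the output of `nvidia-ctk --version` and the contents of `/etc/nvidia-container-runtime/config.toml`; a clean result still depends on the feature key assumption noted in the code.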

This incident underscores the importance of maintaining robust security controls and applying the latest patches promptly to defend against potential cyber threats. The observed bypass may map to MITRE ATT&CK tactics and techniques such as initial access, privilege escalation, and exploitation of vulnerabilities, placing it in the broader threat landscape that businesses must navigate.

In addition to immediate updates, business leaders are urged to ensure that their cybersecurity frameworks are comprehensive, addressing not only current vulnerabilities but also potential exploit paths that could be leveraged against their infrastructure.