
Cloud Vulnerability DB
A community-led vulnerabilities database
NVIDIA Container Toolkit for all platforms contains a vulnerability (CVE-2025-23267) in the update-ldcache hook, disclosed in NVIDIA's July 2025 security bulletin. It affects all versions of the NVIDIA Container Toolkit up to and including 1.17.7 (CDI mode only for versions prior to 1.17.5) and NVIDIA GPU Operator for Linux versions up to and including 25.3.0. The flaw has been assigned a CVSS v3.1 base score of 8.5 (High) (NVIDIA Security).
The vulnerability lies in the update-ldcache hook, which the toolkit runs when a container is started to refresh the dynamic-linker cache in the container's root filesystem. An attacker who supplies a specially crafted container image can cause the hook to follow a link it should not, which is why the issue is classified as CWE-59 (Improper Link Resolution Before File Access). The CVSS v3.1 vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H: network attack vector, low attack complexity, low privileges required, no user interaction, changed scope (the effect is not confined to the container), no confidentiality impact, low integrity impact and high availability impact (NVIDIA Security, NVD Database).
Successful exploitation can lead to data tampering and denial of service in affected systems. Because the scope is changed, the impact is not confined to the container that carries the malicious image, which is what drives the High rating in shared GPU infrastructure such as high-performance computing (HPC) clusters and AI/ML pipelines (Security Online).
NVIDIA has released NVIDIA Container Toolkit 1.17.8 and GPU Operator 25.3.1 to address this vulnerability. Users who cannot upgrade immediately can apply the mitigation described in NVIDIA's bulletin: opt out of the enable-cuda-compat hook by setting the features.disable-cuda-compat-lib-hook flag to true in /etc/nvidia-container-toolkit/config.toml. GPU Operator users apply the equivalent setting through Helm installation arguments (NVIDIA Security).
The vulnerability was reported to NVIDIA by Lei Wang and Min Yao of the Nebula Security Lab at Huawei Cloud. It underlines that the runtime hooks a GPU container stack executes while processing a container image are part of the attack surface exposed to untrusted images, particularly in production environments (NVIDIA Security, Security Online).
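The two remediation states above (fixed release installed, or mitigation flag set) are easy to get wrong on a fleet of hosts, so here is an added example of an audit script; it is not NVIDIA's tooling or code from this page. It parses the version printed by `nvidia-ctk --version`, compares it against 1.17.8, scans config.toml for the `[features]` flag from the bulletin, and reports fixed / mitigated / vulnerable. The sample command output and config fragments embedded in it are constructed for the example, and the Helm values mentioned in the comment are an assumption about how the GPU Operator chart passes opt-in features to the toolkit container; confirm them against the bulletin before use.

```python
"""Audit a host for CVE-2025-23267 remediation state.

Added example, not NVIDIA's tooling. Checks two things the bulletin names:
  1. NVIDIA Container Toolkit version >= 1.17.8 (fixed release)
  2. features.disable-cuda-compat-lib-hook = true in config.toml (mitigation)
"""
import re
import shutil
import subprocess

FIXED_VERSION = (1, 17, 8)
CONFIG_PATH = "/etc/nvidia-container-toolkit/config.toml"
MITIGATION_SECTION = "features"
MITIGATION_KEY = "disable-cuda-compat-lib-hook"

# Assumption (not from the bulletin text on this page): the GPU Operator
# chart forwards opt-in features to the toolkit container through an
# environment variable, e.g.
#   --set toolkit.env[0].name=NVIDIA_CONTAINER_TOOLKIT_OPT_IN_FEATURES
#   --set toolkit.env[0].value=disable-cuda-compat-lib-hook
# Verify the exact values against NVIDIA's documentation before relying on them.

# Constructed sample data so the script runs offline.
SAMPLE_VERSION_OUTPUT = "NVIDIA Container Toolkit CLI version 1.17.7\ncommit: 0123abc"
SAMPLE_CONFIG_VULNERABLE = """
disable-require = false

[nvidia-container-cli]
environment = []
ldconfig = "@/sbin/ldconfig"

[features]
# disable-cuda-compat-lib-hook = true   <- commented out, so NOT mitigated
"""
SAMPLE_CONFIG_MITIGATED = """
[features]
disable-cuda-compat-lib-hook = true
"""


def parse_ctk_version(output: str) -> tuple:
    """Extract (major, minor, patch) from `nvidia-ctk --version` output."""
    m = re.search(r"version\s+v?(\d+)\.(\d+)\.(\d+)", output)
    if not m:
        raise ValueError("no version found in: %r" % output)
    return tuple(int(x) for x in m.groups())


def is_fixed(version: tuple) -> bool:
    """Tuple comparison handles 1.17.8 < 1.18.0 correctly, unlike string compare."""
    return version >= FIXED_VERSION


def mitigation_flag_set(config_toml: str) -> bool:
    """Minimal line-based TOML scan: true only if the key is set to true
    under [features]. Comments and quoted keys are handled; this is not a
    full TOML parser, deliberately, so it needs no third-party library."""
    section = None
    for raw in config_toml.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().strip('"')
            continue
        if section == MITIGATION_SECTION and "=" in line:
            key, _, value = line.partition("=")
            if key.strip().strip('"') == MITIGATION_KEY and value.strip().lower() == "true":
                return True
    return False


def assess(version_output: str, config_toml: str) -> dict:
    """Combine both checks into one verdict: fixed beats mitigated beats vulnerable."""
    version = parse_ctk_version(version_output)
    fixed = is_fixed(version)
    mitigated = mitigation_flag_set(config_toml)
    status = "fixed" if fixed else ("mitigated" if mitigated else "vulnerable")
    return {
        "version": ".".join(str(x) for x in version),
        "fixed": fixed,
        "mitigated": mitigated,
        "status": status,
    }


if __name__ == "__main__":
    if shutil.which("nvidia-ctk"):
        out = subprocess.run(["nvidia-ctk", "--version"], capture_output=True, text=True).stdout
        try:
            with open(CONFIG_PATH) as f:
                cfg = f.read()
        except FileNotFoundError:
            cfg = ""
    else:
        out, cfg = SAMPLE_VERSION_OUTPUT, SAMPLE_CONFIG_VULNERABLE
    print(assess(out, cfg))
```

Note that "mitigated" is reported only when the flag is uncommented and literally set to true under `[features]`; a commented-out line, which is how the option often appears in shipped config files, is treated as not set.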
Source: This report was generated using AI