CVE-2025-23359
NVIDIA Container Toolkit vulnerability analysis and mitigation

Overview

NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability (CVE-2025-23359) discovered in February 2025. The vulnerability affects all versions of NVIDIA Container Toolkit up to and including 1.17.3 and NVIDIA GPU Operator up to and including 24.9.1. When used with default configuration, this vulnerability allows a crafted container image to gain access to the host file system (NVIDIA Advisory, NVD).

Technical details

The vulnerability is a Time-of-Check Time-of-Use (TOCTOU) race condition that enables attackers to mount the host's root filesystem into a container, granting unrestricted access to all host files. The issue received a CVSS v3.1 base score of 8.3 (High) with the vector string AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H. The vulnerability is particularly concerning as it can be exploited through the manipulation of symbolic links and filesystem operations during container initialization (Wiz Blog, Hacker News).

Impact

A successful exploitation of this vulnerability can lead to multiple severe consequences including code execution, denial of service, escalation of privileges, information disclosure, and data tampering. While the initial access to the host filesystem is read-only, attackers can leverage access to Unix sockets to launch privileged containers and achieve full host compromise (NVIDIA Advisory, Wiz Blog).

Mitigation and workarounds

NVIDIA has released version 1.17.4 of the Container Toolkit and version 24.9.2 of the GPU Operator to address this vulnerability. The fix changes the default behavior of the NVIDIA Container Toolkit so that CUDA compatibility libraries are no longer mounted to the default library path in the container. Users are strongly advised not to disable the --no-cntlibs flag in production environments. For cases requiring CUDA Forward Compatibility, users can instead set the LD_LIBRARY_PATH environment variable to include /usr/local/cuda/compat, though this may cause portability issues (NVIDIA Advisory).
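The following script is an added example, not code from NVIDIA or from this page. It turns the mitigation above into a fleet check: it compares a host's toolkit and GPU Operator version strings against the fixed releases named in the advisory (1.17.4 and 24.9.2) and confirms that a container's LD_LIBRARY_PATH carries /usr/local/cuda/compat when forward compatibility is needed. The assumption that `nvidia-ctk --version` prints a dotted version somewhere in its output is mine; the sample output string is constructed.

```sh
#!/bin/sh
# Added example (not NVIDIA's own tooling): version and LD_LIBRARY_PATH checks
# for the CVE-2025-23359 mitigation described in the advisory.
set -u

# version_ge A B: returns 0 if dotted version A >= B, else 1.
# Assumes numeric components; a package release suffix such as "-1" or
# a "+build" tag is stripped before comparison.
version_ge() {
  a=$(printf '%s' "$1" | sed 's/[-+].*//')
  b=$(printf '%s' "$2" | sed 's/[-+].*//')
  i=1
  while :; do
    x=$(printf '%s' "$a" | cut -d. -f"$i")
    y=$(printf '%s' "$b" | cut -d. -f"$i")
    # Both sides exhausted: versions are equal.
    [ -z "$x" ] && [ -z "$y" ] && return 0
    x=${x:-0}; y=${y:-0}
    [ "$x" -gt "$y" ] && return 0
    [ "$x" -lt "$y" ] && return 1
    i=$((i + 1))
  done
}

# Fixed releases from the advisory: Container Toolkit 1.17.4, GPU Operator 24.9.2.
toolkit_is_patched()      { version_ge "$1" "1.17.4"; }
gpu_operator_is_patched() { version_ge "$1" "24.9.2"; }

# Pull the first dotted version out of a version banner.
# ASSUMPTION: `nvidia-ctk --version` output contains such a token.
extract_version() {
  printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# Does a colon-separated LD_LIBRARY_PATH value include the CUDA compat dir?
# Only relevant when the --no-cntlibs default is kept and forward
# compatibility is still required inside the container.
has_compat_path() {
  case ":$1:" in
    *:/usr/local/cuda/compat:*) return 0 ;;
    *) return 1 ;;
  esac
}

# Stand-alone run: inspect the live toolkit if installed, otherwise fall
# back to a constructed sample banner so the script runs offline.
if command -v nvidia-ctk >/dev/null 2>&1; then
  banner=$(nvidia-ctk --version 2>/dev/null)
else
  banner="NVIDIA Container Toolkit CLI version 1.17.3"   # constructed sample
fi
v=$(extract_version "$banner")
if [ -z "$v" ]; then
  echo "could not parse a toolkit version from: $banner"
elif toolkit_is_patched "$v"; then
  echo "toolkit $v: patched (>= 1.17.4)"
else
  echo "toolkit $v: affected by CVE-2025-23359, upgrade to 1.17.4 or later"
fi

# Constructed example of the forward-compatibility workaround.
sample_ldpath="/usr/lib/x86_64-linux-gnu:/usr/local/cuda/compat"
if has_compat_path "$sample_ldpath"; then
  echo "LD_LIBRARY_PATH includes /usr/local/cuda/compat"
fi
```

Run it on each GPU host (or feed it the output of `kubectl`/package queries for the GPU Operator version) and treat any "affected" result as an upgrade ticket; the path check is only meaningful for workloads that genuinely need CUDA Forward Compatibility, since the portable default after 1.17.4 is to leave the compat libraries off the default library path.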

Community reactions

The vulnerability was independently discovered and reported by multiple security researchers, including teams from Wiz Research and Trend Micro Research. NVIDIA has acknowledged the researchers' contributions and worked closely with them to ensure proper mitigation of both the original vulnerability and its bypass (NVIDIA Advisory, Wiz Blog).
