Researchers Find New Exploit Bypassing Patched NVIDIA Container Toolkit Vulnerability

Cybersecurity researchers have discovered a bypass for a now-patched security vulnerability in the NVIDIA Container Toolkit that could be exploited to break out of a container's isolation protections and gain complete access to the underlying host.
The new vulnerability is being tracked as CVE-2025-23359 (CVSS score: 8.3). It affects the following versions:
- NVIDIA Container Toolkit (All versions up to and including 1.17.3) - Fixed in version 1.17.4
- NVIDIA GPU Operator (All versions up to and including 24.9.1) - Fixed in version 24.9.2
"NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, where a crafted container image could gain access to the host file system," the company said in an advisory on Tuesday.
"A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering."
Cloud security firm Wiz, which shared additional technical specifics of the flaw, said it's a bypass for another vulnerability (CVE-2024-0132, CVSS score: 9.0) that was addressed by NVIDIA in September 2024.
In a nutshell, the vulnerability enables bad actors to mount the host's root file system into a container, granting them unfettered access to all files. Furthermore, the access can be leveraged to launch privileged containers and achieve full host compromise via the runtime Unix socket.
Wiz security researchers Shir Tamari, Ronen Shustin, and Andres Riancho said their source code analysis of the container toolkit found that the file paths used during mount operations could be manipulated using a symbolic link, making it possible to mount from outside the container (i.e., the root directory) into a path within "/usr/lib64."
While the access to the host file system afforded by the container escape is read-only, this limitation can be circumvented by interacting with the Unix sockets to spawn new privileged containers and gain unrestricted access to the file system.
"This elevated level of access also allowed us to monitor network traffic, debug active processes, and perform a range of other host-level operations," the researchers said.
Besides updating to the latest version, users of the NVIDIA Container Toolkit are advised not to disable the "--no-cntlibs" flag in production environments.
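The symlink manipulation of mount paths described above is a check-then-use problem on path strings. The following added example (not code from NVIDIA, Wiz, or the toolkit) sketches the general defensive pattern of resolving an image-supplied path through directory descriptors; the helper names and the temporary "rootfs" fixture are hypothetical and constructed for illustration.

```python
import os
import tempfile

def open_beneath(root_fd, relpath):
    """Hypothetical helper, not toolkit code: open relpath under root_fd one component
    at a time, refusing symlinks and '..', so the object checked is the object used."""
    parts = [p for p in relpath.split("/") if p and p != "."]
    if not parts or ".." in parts:
        raise OSError("empty or parent-traversing path rejected")
    fd = os.dup(root_fd)
    try:
        for i, name in enumerate(parts):
            flags = os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC
            if i < len(parts) - 1:
                flags |= os.O_DIRECTORY  # intermediate components must be real dirs
            nxt = os.open(name, flags, dir_fd=fd)
            os.close(fd)
            fd = nxt
        return fd
    except OSError:
        os.close(fd)
        raise

def rejected(root_fd, relpath):
    try:
        os.close(open_beneath(root_fd, relpath))
        return False
    except OSError:
        return True

def demo():
    """Constructed fixture: a temp 'rootfs' with one real library and one symlinked dir."""
    with tempfile.TemporaryDirectory() as tmp:
        root, outside = os.path.join(tmp, "rootfs"), os.path.join(tmp, "outside")
        os.makedirs(os.path.join(root, "usr", "lib64"))
        os.makedirs(outside)
        for d, text in ((os.path.join(root, "usr", "lib64"), "image"), (outside, "host")):
            with open(os.path.join(d, "libdemo.so"), "w") as f:
                f.write(text)
        os.symlink(outside, os.path.join(root, "usr", "link"))  # points out of the rootfs
        root_fd = os.open(root, os.O_RDONLY | os.O_DIRECTORY)
        try:
            fd = open_beneath(root_fd, "usr/lib64/libdemo.so")
            content = os.read(fd, 16).decode()
            os.close(fd)
            return (content, rejected(root_fd, "usr/link/libdemo.so"),
                    rejected(root_fd, "usr/lib64/../../outside/libdemo.so"))
        finally:
            os.close(root_fd)
```

Code that goes on to use the file should act on the returned descriptor rather than resolving the path string a second time.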