Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
CVE-2025-23266
Good to know:
Date: July 17, 2025
NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial of service.
Severity Score
Related Resources (14)
Severity Score
Weakness Type (CWE)
Untrusted Search Path
CWE-426Top Fix
Upgrade Version
Upgrade to version github.com/NVIDIA/nvidia-container-toolkit - v1.17.8;github.com/NVIDIA/nvidia-container-toolkit - v1.17.8;github.com/NVIDIA/k8s-device-plugin - v0.17.3;github.com/NVIDIA/gpu-operator - v25.3.2;github.com/NVIDIA/mig-parted - v0.12.2
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | ADJACENT_NETWORK |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | LOW |
| User Interaction (UI): | NONE |
| Scope (S): | CHANGED |
| Confidentiality (C): | HIGH |
| Integrity (I): | HIGH |
| Availability (A): | HIGH |