CVE-2025-23359

Published Feb 12, 2025

Last updated 21 days ago

CVSS high 8.3
NVIDIA Container Toolkit

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-23359 is a Time-of-Check Time-of-Use (TOCTOU) vulnerability found in the NVIDIA Container Toolkit for Linux. It exists when the toolkit is used with its default configuration. A specially crafted container image can exploit this flaw to gain access to the host file system. Successful exploitation of this vulnerability can lead to several serious consequences, including code execution, denial of service, privilege escalation, information disclosure, and data tampering. The vulnerability allows attackers to mount the host's root file system into a container, potentially granting unrestricted access to all host files. While initial access might be read-only, attackers can leverage access to Unix sockets to launch privileged containers and achieve full host compromise.

Description
NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, where a crafted container image could gain access to the host file system. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
Source
psirt@nvidia.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.3
Impact score
6
Exploitability score
1.6
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Severity
HIGH

Weaknesses

psirt@nvidia.com
CWE-367

Social media

Hype score
Not currently trending

  1. 🚨 NVIDIA’s critical security fix failed! NVIDIA’s patch for CVE-2024-0132 (CVSS 9.0) was incomplete attackers can still escape containers and gain root access (CVE-2025-23359). 👀 Admins: Threat actors are watching... ✅ Patch now ✅ Audit your containers ✅ Lock down Docker http

    @achi_tech

    16 Apr 2025

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 NVIDIA Toolkit flaw CVE-2025-23359 (CVSS 9.0) leaves containers vulnerable to host escape despite prior patch. Exploitable if attackers run code inside a container. Update to v1.17.4 & lock down Docker ASAP. https://t.co/3Ws62jWrGd #NVIDIA https://t.co/4MKguQ3HPS

    @dCypherIO

    11 Apr 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. NVIDIA’s patch for CVE-2024-0132 (CVSS 9.0) was incomplete. attackers can still escape containers and gain root access (CVE-2025-23359).

    @byt3n33dl3

    10 Apr 2025

    50 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    1 Quote

  4. 🚨 NVIDIA’s critical security fix failed! NVIDIA’s patch for CVE-2024-0132 (CVSS 9.0) was incomplete — attackers can still escape containers and gain root access (CVE-2025-23359). 👀 Admins: Threat actors are watching... ✅ Patch now ✅ Audit your containers ✅ Lock down Docker ht

    @TheHackersNews

    10 Apr 2025

    9844 Impressions

    57 Retweets

    103 Likes

    5 Bookmarks

    0 Replies

    0 Quotes

  5. Wiz Researchers Shir Tamari, Ronen Shustin, and Andres Riancho uncovered a bypass in the NVIDIA Container Toolkit, tracked as CVE-2025-23359. It exploits a Time-of-Check Time-of-Use flaw. We made a challenge recreating this 👉 https://t.co/eMv9oO6g9C #appsec #programming #cpp

    @secdim

    20 Mar 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 🚨Are you keeping your Linux systems secure? Learn about the critical Nvidia Container Toolkit vulnerability (CVE-2025-23359) affecting versions up to 1.17.3.👨‍💻 Read to protect your systems: https://t.co/9n92N6ROCo #hacking #cybersec #coding

    @lnxsec

    26 Feb 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. [ZDI-25-087|CVE-2025-23359] NVIDIA Container Toolkit mount_files Time-Of-Check Time-Of-Use Race Condition Privilege Escalation Vulnerability (CVSS 9.0; Credit: Dre Cura of Trend Micro Security Research) https://t.co/F0ICTU9zPa

    @TheZDIBugs

    24 Feb 2025

    483 Impressions

    0 Retweets

    5 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  8. ⚠️ Vulnerability Alert: NVIDIA Container Toolkit mount_files Time-Of-Check Time-Of-Use Race Condition Privilege Escalation Vulnerability 📅 Timeline: Disclosure: 2025-02-04, Patch: 2025-02-11 🆔cveId: CVE-2025-23359 📊baseScore: 8.3 📏cvssMetrics:… https://t.co/1JyI5HHYhz

    @syedaquib77

    19 Feb 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. “NVIDIA” məhsullarında boşluq (CVE-2025-23359) aşkar olunub #ETX #certaz #cybersecurity #kibertəhlükəsizlik #xəbərdarlıq https://t.co/xGGHljAqhp

    @CERTAzerbaijan

    18 Feb 2025

    45 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. ⚠️ นักวิจัยพบ #Exploit ใหม่ บน #NVIDIA Container Toolkit (CVE-2025-23359) ที่สามารถ Bypass Isolation และเข้าถึง host system ได้โดยตรง เสี่ยงต่อ AI และ HPC workloads อัปเดตระบบของคุณด่วน! อ่านรายละเอียด: https://t.co/sFbXsM7Sk4 #Cybersecurity . Credit - https://t.co/37qgHM73Hx .

    @commencenow

    17 Feb 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. 엔비디아(Nvidia) GPU 도구 최고 등급 취약점 발견(CVE-2025-23359) https://t.co/u5jHPAEVl4 #Nvidia #엔비디아 #취약점

    @sakaijjang

    16 Feb 2025

    16 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  12. CVE-2025-23359: Nvidia-container-toolkit: GPU Container Escape (CVE-2024-0132 fix bypass) https://t.co/nZmShQehjW libnvidia-container mount is susceptible to symlink attacks, which can lead to arbitrary host directories being mounted

    @oss_security

    15 Feb 2025

    454 Impressions

    0 Retweets

    3 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  13. ⚠️ Vulnerability Alert: NVIDIA Container Toolkit Vulnerable to Code Execution Attacks 📅 Timeline: Disclosure: 2025-02-11, Patch: 2025-02-12 📌 Attribution: Wiz Research 🆔cveId: CVE-2025-23359 📊baseScore: 8.3 📏cvssMetrics: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvssSeverity:…

    @syedaquib77

    14 Feb 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. CVE-2025-23359: Nvidia-container-toolkit: GPU Container Escape (CVE-2024-0132 fix bypass) https://t.co/QBTOa3nWto

    @andersonc0d3

    14 Feb 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. 🚨 A critical vulnerability (CVE-2025-23359) in NVIDIA's Container Toolkit could allow attackers to escape container isolation and access the host’s entire file system. With a CVSS score of 8.3, this flaw underscores the importance of staying updated! 🌐🔒 #CyberSecurity

    @eilonh1

    12 Feb 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  16. CVE-2025-23359 NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, where a crafted container image c… https://t.co/ry48pNLUSZ

    @CVEnew

    12 Feb 2025

    324 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References