CVE-2025-23267

Summary

NVIDIA Container Toolkit for all platforms contains a vulnerability in the update-ldcache hook, where an attacker could cause a link following by using a specially crafted container image. A successful exploit of this vulnerability might lead to data tampering and denial of service.

Affected Software

VendorProductVersion RangeStatus
NVIDIAContainer ToolkitNVIDIA Container Toolkit All versions up to and including 1.17.7 (CDI mode only for versions prior to 1.17.5)affected
NVIDIAContainer ToolkitNVIDIA GPU Operator All versions up to and including 25.3.0 (CDI mode only for versions prior to 25.3.0)affected

Weaknesses

  • CWE-59: CWE-59: Improper Link Resolution Before File Access ('Link Following')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References