NVIDIA has released a critical security update for its Container Toolkit and GPU Operator, patching two high-impact vulnerabilities—CVE-2025-23266 and CVE-2025-23267—that could allow attackers to gain elevated privileges, tamper with data, or trigger denial-of-service (DoS) conditions in containerized environments.
These flaws underscore the growing risks in container orchestration and GPU-accelerated workloads, especially in high-performance computing (HPC), AI/ML pipelines, and production clusters running on Kubernetes.
As containerized and GPU-accelerated workloads become essential for modern data centers, vulnerabilities in their orchestration layers pose serious security threats.
Without patching, attackers can weaponize these vulnerabilities to:
- Hijack root-level privileges in containers
- Interfere with scientific or ML workloads
- Disable services powering production applications
CVE-2025-23266 (CVSS 9.0): Privilege Escalation via Initialization Hooks
This vulnerability affects the hooks used to initialize containers. According to the bulletin:
“An attacker could execute arbitrary code with elevated permissions. A successful exploit might lead to escalation of privileges, data tampering, information disclosure, and denial of service.”
Impacted systems include all platforms running NVIDIA Container Toolkit versions up to and including 1.17.7 in CDI (Container Device Interface) mode.
CVE-2025-23267 (CVSS 8.5): Link Following via Crafted Images
This second vulnerability affects the update-ldcache hook in the Container Toolkit. NVIDIA explains:
“An attacker could cause a link following by using a specially crafted container image… potentially leading to data tampering and denial of service.”
The exploit relies on malicious symbolic links, potentially targeting shared libraries or cache files during container start-up.
Who’s Affected?
The vulnerabilities impact:
- NVIDIA Container Toolkit: Versions ≤ 1.17.7
- NVIDIA GPU Operator for Linux: Versions ≤ 25.3.0
  (affected in CDI mode only, for versions prior to 25.3.0)
Fixes and Workarounds
NVIDIA urges all users to update immediately:
| Product | Updated Version |
|---|---|
| Container Toolkit | 1.17.8 |
| GPU Operator (Linux) | 25.3.1 |
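To turn the table above into a check, here is an added example (not NVIDIA's code) that compares an installed version string against the fixed releases named in this post. It assumes you feed it the text of the toolkit's version banner or the operator's image tag; the sample strings are constructed, and the CDI-mode condition from the advisory is not evaluated.

```python
import re

# Fixed releases from the advisory table; anything older is in the
# affected range (toolkit <= 1.17.7, GPU Operator <= 25.3.0).
FIXED_VERSIONS = {
    "nvidia-container-toolkit": (1, 17, 8),
    "gpu-operator": (25, 3, 1),
}

# Dotted numeric version with an optional leading 'v'; the match stops
# at a packaging suffix such as '-1' or an '.x86_64' arch tag.
_VERSION_RE = re.compile(r"v?(\d+(?:\.\d+){1,3})")


def parse_version(text: str) -> tuple[int, ...]:
    """Pull the first dotted version out of banner text or an image tag."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def _padded(a: tuple, b: tuple) -> tuple[tuple, tuple]:
    # Right-pad with zeros so (1, 18) compares like (1, 18, 0).
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)), b + (0,) * (n - len(b))


def is_vulnerable(product: str, version_text: str) -> bool:
    """True when the installed version predates the fixed release."""
    found, fixed = _padded(parse_version(version_text), FIXED_VERSIONS[product])
    return found < fixed


def audit(inventory: dict[str, str]) -> list[str]:
    """Return the products in the inventory that still need the update."""
    return [p for p, v in inventory.items() if is_vulnerable(p, v)]


if __name__ == "__main__":
    # Constructed sample inventory, not output captured from a real host.
    sample = {
        "nvidia-container-toolkit": "NVIDIA Container Toolkit CLI version 1.17.7 commit: 0000000",
        "gpu-operator": "nvcr.io/nvidia/gpu-operator:v25.3.0",
    }
    for product in audit(sample):
        print(f"{product}: update required")
```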
In addition, users can mitigate the issue by opting out of the enable-cuda-compat hook.
- For the legacy container runtime, edit /etc/nvidia-container-toolkit/config.toml:
- For GPU Operator with Helm: users running GPU Operator versions prior to 25.3.1 can manually deploy NVIDIA Container Toolkit v1.17.8 during upgrade: