CVE-2025-23359 HIGH

CVE-2025-23359

Vendor Nvidia
Product Container Toolkit
Weakness CWE-367
Published February 12, 2025
Last update April 11, 2025

CVSS base score

8.3/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, where a crafted container image could gain access to the host file system. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Key dates

02Disclosure timeline

February 12, 2025 CVE published
April 11, 2025 Record updated