CVE-2025-23359
Published: 12 February 2025
Summary
CVE-2025-23359 is a high-severity Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367) vulnerability in NVIDIA Container Toolkit. Its CVSS base score is 8.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Escape to Host (T1611). The CVE ranks in the top 11.8% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-2 (Flaw Remediation).
Deeper analysis
NVIDIA Container Toolkit for Linux is affected by a Time-of-Check Time-of-Use (TOCTOU) vulnerability, tracked as CVE-2025-23359 and assigned CWE-367, that exists under the product's default configuration. A crafted container image can be used to obtain access to the host file system, with potential impacts including code execution, denial of service, privilege escalation, information disclosure, and data tampering. The issue carries a CVSS 3.1 score of 8.3 reflecting network attack vector, high complexity, no required privileges, required user interaction, and changed scope with high impact on confidentiality, integrity, and availability.
An attacker can exploit the flaw by supplying a malicious container image that races the toolkit's checks, allowing unauthorized host file-system access once the image is processed. Successful exploitation therefore enables the listed impacts without needing elevated privileges on the target system, though the attack requires user interaction and faces high complexity.
NVIDIA's security advisory at the provided reference URL and a subsequent technical analysis describe the issue and available remediation steps for affected deployments. The EPSS score has remained flat at 0.0367 with no material increase observed after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-3156
Vulnerability details
NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, where a crafted container image could gain access to the host file system. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The TOCTOU vulnerability in the NVIDIA Container Toolkit allows a crafted container image to bypass isolation and gain unauthorized access to the host file system, directly enabling container escape to the underlying host.
Mitigating Controls (NIST 800-53 r5)
Requires timely patching of the TOCTOU vulnerability in NVIDIA Container Toolkit as provided in NVIDIA's security advisory.
Enforces secure configuration settings for the Container Toolkit to mitigate the default configuration vulnerability exploited by crafted images.
Implements process isolation to separate container execution domains from the host filesystem, reducing the impact of TOCTOU-based escapes.