Cyber Posture

CVE-2025-23359

High · Public PoC

Published: 12 February 2025
Modified: 25 September 2025
KEV Added
Patch
CVSS Score: 8.3 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)
EPSS Score: 0.0367 (88.0th percentile)
Risk Priority: 19 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-23359 is a high-severity Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367) vulnerability in NVIDIA Container Toolkit. Its CVSS base score is 8.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Escape to Host (T1611). The CVE ranks in the top 12.0% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Escape to Host (T1611). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) (AI)

prevent: Requires timely patching of the TOCTOU vulnerability in NVIDIA Container Toolkit as provided in NVIDIA's security advisory.

prevent: Enforces secure configuration settings for the Container Toolkit to mitigate the default configuration vulnerability exploited by crafted images.

prevent: Implements process isolation to separate container execution domains from the host filesystem, reducing the impact of TOCTOU-based escapes.

MITRE ATT&CK Enterprise Techniques (AI)

T1611 Escape to Host (Tactic: Privilege Escalation)
Adversaries may break out of a container or virtualized environment to gain access to the underlying host.

Why these techniques?

The TOCTOU vulnerability in the NVIDIA Container Toolkit allows a crafted container image to bypass isolation and gain unauthorized access to the host file system, directly enabling container escape to the underlying host.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, where a crafted container image could gain access to the host file system. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Deeper analysis (AI)

CVE-2025-23359, published on 2025-02-12, is a Time-of-Check Time-of-Use (TOCTOU) vulnerability (CWE-367) in the NVIDIA Container Toolkit for Linux when used with its default configuration. A crafted container image can exploit this flaw to gain unauthorized access to the host file system. The vulnerability carries a CVSS v3.1 base score of 8.3 (AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H), indicating high severity due to its potential for significant impact across confidentiality, integrity, and availability.

Attackers can exploit this vulnerability remotely without privileges, though it requires high attack complexity and user interaction, such as convincing a user to deploy or pull a malicious container image. Successful exploitation grants access to the host file system, potentially enabling arbitrary code execution, denial of service, privilege escalation, information disclosure, and data tampering.

NVIDIA's security advisory at https://nvidia.custhelp.com/app/answers/detail/a_id/5616 provides details on patches and mitigations. Additional coverage, including discussion of an incomplete patch, is available at https://thehackernews.com/2025/04/incomplete-patch-in-nvidia-toolkit.html.

Details

CWE(s)

Affected Products

nvidia · nvidia container toolkit · ≤ 1.17.4
nvidia · nvidia gpu operator · ≤ 24.9.2

CVEs Like This One

CVE-2024-0136 · Same product: Linux Linux Kernel
CVE-2024-0135 · Same product: Linux Linux Kernel
CVE-2026-31678 · Same product: Linux Linux Kernel
CVE-2025-23243 · Same product: Linux Linux Kernel
CVE-2026-23554 · Shared CWE-367
CVE-2025-22224 · Shared CWE-367
CVE-2026-32988 · Shared CWE-367
CVE-2025-33230 · Same product: Linux Linux Kernel
CVE-2025-38352 · Same product: Linux Linux Kernel
CVE-2025-23242 · Same product: Linux Linux Kernel

References