Cyber Resilience

CVE-2025-23359

High · Public PoC

Published: 12 February 2025

Modified: 25 September 2025
CVSS Score v3.1: 8.3 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)
EPSS Score: 0.0367 (88.2th percentile)
Risk Priority: 19 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-23359 is a high-severity Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367) vulnerability in NVIDIA Container Toolkit. Its CVSS base score is 8.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Escape to Host (T1611). The CVE ranks in the top 11.8% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and SI-2 (Flaw Remediation).

Deeper analysis

NVIDIA Container Toolkit for Linux is affected by a Time-of-Check Time-of-Use (TOCTOU) vulnerability, tracked as CVE-2025-23359 and assigned CWE-367, that exists under the product's default configuration. A crafted container image can be used to obtain access to the host file system, with potential impacts including code execution, denial of service, privilege escalation, information disclosure, and data tampering. The issue carries a CVSS 3.1 score of 8.3 reflecting network attack vector, high complexity, no required privileges, required user interaction, and changed scope with high impact on confidentiality, integrity, and availability.

An attacker can exploit the flaw by supplying a malicious container image that races the toolkit's checks, allowing unauthorized host file-system access once the image is processed. Successful exploitation therefore enables the listed impacts without needing elevated privileges on the target system, though the attack requires user interaction and faces high complexity.

NVIDIA's security advisory at the provided reference URL and a subsequent technical analysis describe the issue and available remediation steps for affected deployments. The EPSS score has remained flat at 0.0367 with no material increase observed after disclosure.

EU & UK References

Vulnerability details

NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, where a crafted container image could gain access to the host file system. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1611 · Escape to Host · Privilege Escalation
Adversaries may break out of a container or virtualized environment to gain access to the underlying host.
Why these techniques?

The TOCTOU vulnerability in the NVIDIA Container Toolkit allows a crafted container image to bypass isolation and gain unauthorized access to the host file system, directly enabling container escape to the underlying host.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-0136 · Same product: Linux Kernel
CVE-2024-0135 · Same product: Linux Kernel
CVE-2026-31678 · Same product: Linux Kernel
CVE-2026-24217 · Same product: Linux Kernel
CVE-2026-24210 · Same product: Linux Kernel
CVE-2026-24206 · Same product: Linux Kernel
CVE-2026-24207 · Same product: Linux Kernel
CVE-2025-33225 · Same product: Linux Kernel
CVE-2025-38352 · Same product: Linux Kernel
CVE-2025-22224 · Shared CWE-367

Affected Assets

nvidia · nvidia container toolkit · ≤ 1.17.4
nvidia · nvidia gpu operator · ≤ 24.9.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely patching of the TOCTOU vulnerability in NVIDIA Container Toolkit as provided in NVIDIA's security advisory.

prevent

Enforces secure configuration settings for the Container Toolkit to mitigate the default configuration vulnerability exploited by crafted images.

prevent

Implements process isolation to separate container execution domains from the host filesystem, reducing the impact of TOCTOU-based escapes.

References