Vulnerability Details CVE-2025-23359
NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, where a crafted container image could gain access to the host file system. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 64.7%
CVSS Severity
CVSS v3 Score 8.3
References
Products affected by CVE-2025-23359
-
cpe:2.3:a:nvidia:nvidia_container_toolkit:1.16.0
-
cpe:2.3:a:nvidia:nvidia_container_toolkit:1.16.1
-
cpe:2.3:a:nvidia:nvidia_container_toolkit:1.16.2
-
cpe:2.3:a:nvidia:nvidia_container_toolkit:1.17.0
-
cpe:2.3:a:nvidia:nvidia_container_toolkit:1.17.1
-
cpe:2.3:a:nvidia:nvidia_container_toolkit:1.17.2
-
cpe:2.3:a:nvidia:nvidia_container_toolkit:1.17.3
-
cpe:2.3:a:nvidia:nvidia_gpu_operator:1.0.0
-
cpe:2.3:a:nvidia:nvidia_gpu_operator:1.1.0
-
cpe:2.3:a:nvidia:nvidia_gpu_operator:1.10.0
-
cpe:2.3:a:nvidia:nvidia_gpu_operator:1.10.1
-
cpe:2.3:a:nvidia:nvidia_gpu_operator:1.11.0
-
cpe:2.3:a:nvidia:nvidia_gpu_operator:1.11.1
-
cpe:2.3:a:nvidia:nvidia_gpu_operator:1.2.0
-
cpe:2.3:a:nvidia:nvidia_gpu_operator:1.3.0
-
cpe:2.3:a:nvidia:nvidia_gpu_operator:1.4.0
-
cpe:2.3:a:nvidia:nvidia_gpu_operator:1.5.0
-
cpe:2.3:a:nvidia:nvidia_gpu_operator:1.5.1
-
cpe:2.3:a:nvidia:nvidia_gpu_operator:1.5.2
-
cpe:2.3:a:nvidia:nvidia_gpu_operator:1.6.0
-
cpe:2.3:a:nvidia:nvidia_gpu_operator:1.6.1
-
cpe:2.3:a:nvidia:nvidia_gpu_operator:1.6.2
-
cpe:2.3:a:nvidia:nvidia_gpu_operator:1.7.0
-
cpe:2.3:a:nvidia:nvidia_gpu_operator:1.7.1
-
cpe:2.3:a:nvidia:nvidia_gpu_operator:1.8.0
-
cpe:2.3:a:nvidia:nvidia_gpu_operator:1.8.1
-
cpe:2.3:a:nvidia:nvidia_gpu_operator:1.8.2
-
cpe:2.3:a:nvidia:nvidia_gpu_operator:1.9.0
-
cpe:2.3:a:nvidia:nvidia_gpu_operator:1.9.1
-
cpe:2.3:a:nvidia:nvidia_gpu_operator:22.9.0
-
cpe:2.3:a:nvidia:nvidia_gpu_operator:22.9.1
-
cpe:2.3:a:nvidia:nvidia_gpu_operator:22.9.2
-
cpe:2.3:a:nvidia:nvidia_gpu_operator:23.3.0
-
cpe:2.3:a:nvidia:nvidia_gpu_operator:23.3.1
-
cpe:2.3:a:nvidia:nvidia_gpu_operator:23.3.2
-
cpe:2.3:a:nvidia:nvidia_gpu_operator:23.6.0
-
cpe:2.3:a:nvidia:nvidia_gpu_operator:23.6.1
-
cpe:2.3:a:nvidia:nvidia_gpu_operator:23.6.2
-
cpe:2.3:a:nvidia:nvidia_gpu_operator:23.9.0
-
cpe:2.3:a:nvidia:nvidia_gpu_operator:23.9.1
-
cpe:2.3:a:nvidia:nvidia_gpu_operator:23.9.2
-
cpe:2.3:a:nvidia:nvidia_gpu_operator:24.3.0
-
cpe:2.3:a:nvidia:nvidia_gpu_operator:24.6.0
-
cpe:2.3:a:nvidia:nvidia_gpu_operator:24.6.1
-
cpe:2.3:a:nvidia:nvidia_gpu_operator:24.6.2
-
cpe:2.3:a:nvidia:nvidia_gpu_operator:24.9.0
-
cpe:2.3:a:nvidia:nvidia_gpu_operator:24.9.1
-
cpe:2.3:o:linux:linux_kernel:-