CVE-2025-23359

CVSS 3.1 Score 8.3 of 10 (high)

Details

Published Feb 12, 2025
CWE ID 367

Summary

CVE-2025-23359 is a Time-of-Check Time-of-Use (TOCTOU) vulnerability affecting the NVIDIA Container Toolkit for Linux. With default configurations, a maliciously crafted container image can manipulate the application's access control, potentially granting unauthorized access to the host file system. Successful exploitation may result in code execution, denial of service, escalation of privileges, information disclosure, and data tampering. Users are encouraged to update their containers and toolkit to mitigate this risk.
