NVIDIA has issued an emergency alert regarding two serious flaws in its Container Toolkit and GPU Operator software. The two vulnerabilities, tracked as CVE-2025-23266 and CVE-2025-23267, directly affect GPU-powered container environments and allow attackers to escalate privileges or disrupt services.


CVE-2025-23266 is rated high severity with a CVSS v3.1 score of 9.0. The problem lies in an initialization hook of the Container Toolkit that is used on all platforms, and it allows attackers to execute arbitrary code with elevated privileges. The flaw is classified as CWE-426 (Untrusted Search Path); successful exploitation can lead to system takeover, data leakage, and operational disruption.

The second vulnerability, CVE-2025-23267, has a CVSS score of 8.5 and affects the update-ldcache hook. Attackers can abuse link-following behavior through specially crafted container images. This flaw belongs to CWE-59 (Improper Link Resolution Before File Access), and can allow modification of data or disruption of system operations.

Both vulnerabilities affect NVIDIA Container Toolkit version 1.17.7 and earlier, and users are advised to upgrade to 1.17.8. When the Container Runtime is used in CDI mode, only versions prior to 1.17.5 are affected by CVE-2025-23266. The GPU Operator for Linux is also at risk up to and including version 25.3.0 and should be updated to 25.3.1. Systems running Red Hat Enterprise Linux or OpenShift in particular should use the v1.17.8-ubi8 tag to close the exposure.

If an update cannot be applied immediately, NVIDIA provides a temporary mitigation: disabling the enable-cuda-compat hook. In legacy-mode environments, users can edit the file /etc/nvidia-container-toolkit/config.toml and add the following configuration:

Code:
[features]
disable-cuda-compat-lib-hook = true

For GPU Operator deployments, the same setting can be applied at Helm deployment time:

Code:
--set "toolkit.env[0].name=NVIDIA_CONTAINER_TOOLKIT_OPT_IN_FEATURES"
--set "toolkit.env[0].value=disable-cuda-compat-lib-hook"

In addition, older GPU Operator releases can still run safely if the patched Container Toolkit version is pinned explicitly:

Code:
--set "toolkit.version=v1.17.8-ubuntu20.04"

NVIDIA recommends that all users apply the patch immediately to prevent potential exploitation. Users should also consult the official technical documentation for the Container Toolkit and GPU Operator to ensure correct deployment, especially on systems that use GPUs for large workloads or in multi-user environments.

According to Cyber Press