A critical vulnerability, tracked as CVE-2025-23266 and dubbed NVIDIAScape, exists in the NVIDIA Container Toolkit, affecting all versions up to 1.17.7. This flaw, with a CVSS score of 9.0, allows attackers to execute arbitrary code with elevated permissions. It impacts 37% of cloud environments and could lead to privilege escalation, data tampering, and information disclosure. The vulnerability was caused by misconfiguration of the OCI hook ‘createContainer.’ It has been addressed in versions 1.17.8 and 25.3.1 of the toolkit and GPU Operator, respectively.
A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial-of-service.
Wiz characterized the flaw as "incredibly" easy to weaponize.
Collection
[
|
...
]