VYPR
Critical severity9.0GHSA Advisory· Published Jul 17, 2025· Updated Apr 15, 2026

CVE-2025-23266

CVE-2025-23266

Description

NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial of service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/NVIDIA/nvidia-container-toolkitGo
< 1.17.81.17.8
github.com/NVIDIA/k8s-device-pluginGo
< 0.17.30.17.3
github.com/NVIDIA/gpu-operatorGo
< 25.3.225.3.2
github.com/NVIDIA/mig-partedGo
< 0.12.20.12.2

Affected products

53

Patches

Vulnerability mechanics

References

10

News mentions

1