High severity8.5NVD Advisory· Published Jul 17, 2025· Updated Apr 15, 2026

CVE-2025-23267

Description

NVIDIA Container Toolkit for all platforms contains a vulnerability in the update-ldcache hook, where an attacker could cause a link following by using a specially crafted container image. A successful exploit of this vulnerability might lead to data tampering and denial of service.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
github.com/NVIDIA/nvidia-container-toolkitGo	< 1.17.8	1.17.8
github.com/NVIDIA/k8s-device-pluginGo	< 0.17.3	0.17.3
github.com/NVIDIA/gpu-operatorGo	< 25.3.2	25.3.2
github.com/NVIDIA/mig-partedGo	< 0.12.2	0.12.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-67jc-hmvg-q4c7ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2025-23267ghsaADVISORY
www.openwall.com/lists/oss-security/2025/07/16/3nvdWEB
nvidia.custhelp.com/app/answers/detail/a_id/5659nvdWEB
pkg.go.dev/vuln/GO-2025-3998ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.552
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000