CVE-2025-23266
Published Jul 17, 2025
Last updated a month ago
AI description
CVE-2025-23266, also known as #NVIDIAScape, is a vulnerability found in the NVIDIA Container Toolkit (NCT). This toolkit is a fundamental component for many AI services offered by cloud and SaaS providers. The vulnerability stems from a misconfiguration in how the toolkit handles OCI hooks. The vulnerability allows a malicious container to bypass isolation measures and gain full root access to the host machine. An attacker could execute arbitrary code with elevated permissions, potentially leading to privilege escalation, data tampering, information disclosure, and denial of service. It can be exploited using a simple three-line Dockerfile.
- Description
- NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial of service.
- Source
- psirt@nvidia.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 9
- Impact score
- 6
- Exploitability score
- 2.3
- Vector string
- CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- psirt@nvidia.com
- CWE-426
- Hype score
- Not currently trending
Critical security update for #Fedora 41 Toolbox live now. Patched: CVE-2025-23266 (Privilege Escalation) and GHSA-fv92-fjc5-jj9h (Data Leak). Read more: 👉 https://t.co/BwYpRgszji #Security https://t.co/BjeNHupVIw
@Cezar_H_Linux
25 Aug 2025
56 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
New IOC Alert → SharePoint Vulnerabilities (CVE-2025-53770 & CVE-2025-53771): Everything You Need to Know. ■ Indicator: CVE-2025-23266
@CTI131
20 Aug 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Weekly vuln radar — https://t.co/Cd6L8ACyLV: CVE-2025-53770 — Sharepoint Server 📈⬆️ CVE-2025-32433 (@lambdafu) CVE-2025-25257 (@0x_shaq) CVE-2025-49113 (@k_firsov) CVE-2025-6558 (@_clem1) CVE-2025-30406 CVE-2025-54309 CVE-2025-23266 (@nirohfeld @shirtamari) CVE
@ptdbugs
1 Aug 2025
160 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2025-30401 2 - CVE-2025-31200 3 - CVE-2025-49704 4 - CVE-2023-41992 5 - CVE-2025-23266 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
28 Jul 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2021-27954 2 - CVE-2025-53770 3 - CVE-2025-23266 4 - CVE-2025-22230 5 - CVE-2025-32429 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
27 Jul 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical container escape vulnerability (CVE-2025-23266), dubbed NVIDIAScape, affects NVIDIA Container Toolkit and GPU Operator, allowing attackers to escalate privileges and take full control of servers running GPU-accelerated containers. https://t.co/6doNHCzIl5
@WalkureARCH
27 Jul 2025
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
💥 3 lines of code. Full server takeover. A critical flaw (CVE-2025-23266) in NVIDIA’s Container Toolkit lets attackers escape containers and hijack AI cloud environments. Codename: NVIDIAScape Impact: 37% of cloud setups Fix: Update to v1.17.8 https://t.co/RIH8kHqHOC
@WhoisDBs
26 Jul 2025
94 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
💥 3 lines of code. Full server takeover. A critical flaw (CVE-2025-23266) in NVIDIA’s Container Toolkit lets attackers escape containers and hijack AI cloud environments. Codename: NVIDIAScape Impact: 37% of cloud setups Fix: Update to v1.17.8 Read → https://t.co/t1NnoM
@TheHackersNews
26 Jul 2025
13702 Impressions
41 Retweets
100 Likes
17 Bookmarks
1 Reply
4 Quotes
There’s been a lot of talk after NVIDIAscape (CVE-2025-23266), some suggesting we go back to VMs for isolation. In this demo, we reproduce the exploit and show how vNode keeps it contained, no host access, no need for VMs. 📺 https://t.co/hit4LGuPTj #vNode #NVIDIAscape #GPU
@vcluster
26 Jul 2025
17 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Critical NVIDIA AI Toolkit Flaw Exposes Cloud Services CVE-2025-23266, a critical flaw in NVIDIA's Container Toolkit (up to version 1.17.7) allows full host takeover via malicious OCI hooks, threatening AI cloud services. Also affecting GPU Operator versions up to 25.3.0, the ht
@dCypherIO
22 Jul 2025
62 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CRITICAL: NVIDIA Container Toolkit vulnerability (CVE-2025-23266) allows container escape and root access. CVSS 9.0 affecting all AI cloud services. Exploits already released - immediate upgrades required to versions 1.17.8+ and 25.3.2+. ThreatCluster clustering 3 sources
@threatcluster
22 Jul 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
NVIDIAScape (CVE-2025-23266) exposes a fatal flaw in GPU container security: a container can gain root on the host using just 3 lines in a Docker file. vNode blocks this class of breakouts, without VMs. Full demo, exploit, and defense breakdown: https://t.co/cewUJRBluX
@vcluster
21 Jul 2025
1765 Impressions
3 Retweets
13 Likes
6 Bookmarks
0 Replies
3 Quotes
PoC Exploit Released for Critical NVIDIA AI Container Toolkit Vulnerability NVIDIAScape (CVE-2025-23266) flaw lets attackers escape containers, gain root on GPU hosts, posing major risk to AI cloud infrastructure. https://t.co/R7d689yCTu https://t.co/2tCzZcolCJ
@rickspairdigi
21 Jul 2025
49 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
NVIDIAScape - Critical NVIDIA AI Vulnerability A 3 line Container Escape in NVIDIA Container Toolkit CVE-2025-23266 Source URL: https://t.co/vVux4xQD3D https://t.co/riVmKgVFy5
@7h3h4ckv157
20 Jul 2025
891 Impressions
0 Retweets
11 Likes
5 Bookmarks
0 Replies
0 Quotes
GitHub - jpts/cve-2025-23266-poc - https://t.co/GHK046RpM9
@piedpiper1616
19 Jul 2025
2856 Impressions
10 Retweets
27 Likes
17 Bookmarks
0 Replies
0 Quotes
CVE-2025-23266 and CVE-2025-23267 # NVIDIA Container Toolkit Critical Vulnerabilities >>>: https://t.co/Qzyorv76Yd
@Iambivash007
19 Jul 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-23266 Damnn.
@paracetanmol
19 Jul 2025
276 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️Vulnerabilidades en productos de NVIDIA ❗CVE-2025-23266 ❗CVE-2025-23267 ➡️Más info: https://t.co/wbbXk0GdmI https://t.co/0xcosOv4St
@CERTpy
18 Jul 2025
85 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
NVIDIA Container ToolkitにNVIDIAScape脆弱性(CVE-2025-23266) ・ 悪意のあるコンテナが隔離を脱出し、ホストマシンへのルートアクセスを取得可能 ・ 悪用に必要なのは、たった3行のDockerfile ・ 個人だけでなく、GPUサー
@taksasDESUYO
18 Jul 2025
225 Impressions
0 Retweets
7 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 ثغرة خطيرة تهدد بيئات الذكاء الاصطناعي السحابية كشفت شركة Wiz عن ثغرة أمنية حرجة في أداة NVIDIA Container Toolkit تحت الرقم CVE-2025-23266، وأطلقت عليها اسم NVIDIAScape، بتقيي
@buhaimedi
18 Jul 2025
1467 Impressions
2 Retweets
8 Likes
7 Bookmarks
1 Reply
0 Quotes
📌 كشف الباحثون عن ثغرة خطيرة في NVIDIA Container Toolkit تتيح تصعيد الامتيازات في خدمات السحابية الذكية. الثغرة التي تحمل اسم CVE-2025-23266 حصلت على تقييم 9.0 من 10.0 من حيث خ
@Cybercachear
18 Jul 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical Security Flaw Found in NVIDIA Container Toolkit A high-severity vulnerability (CVE-2025-23266), dubbed “NVIDIAScape,” has been discovered in the NVIDIA Container Toolkit, allowing attackers to escape containers and escalate privileges. The flaw affects all versions
@roadtoasi
18 Jul 2025
53 Impressions
0 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Weekly vuln radar. https://t.co/Cd6L8AD6Bt – spot what’s trending before it’s everywhere: CVE-2025-29824 CVE-2025-6543 CVE-2025-20337 CVE-2025-6558 (via @_clem1) CVE-2025-49144 CVE-2025-24985 CVE-2025-20274 CVE-2025-23266 (via @nirohfeld @shirtamari) CVE-2021-41773
@ptdbugs
18 Jul 2025
129 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-23266: CRITICAL] Vulnerability found in NVIDIA Container Toolkit allows attackers to execute arbitrary code with elevated permissions, potentially leading to privilege escalation and other cyber th...#cve,CVE-2025-23266,#cybersecurity https://t.co/NQCAbiFTYU https://t.c
@CveFindCom
17 Jul 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-23266 NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code wit… https://t.co/1R3mHpfyaB
@CVEnew
17 Jul 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
NVIDIAScape - NVIDIA AI Vulnerability (CVE-2025-23266) | Wiz Blog https://t.co/E8Itiht1xR
@akaclandestine
17 Jul 2025
2140 Impressions
10 Retweets
33 Likes
8 Bookmarks
1 Reply
1 Quote
Warning: Critical vulnerability in #NVIDIA Container Toolkit. #CVE-2025-23266 CVSS: 9.0. Exploitation might lead to privilege escalation, info disclosure, tampering, or DoS. More info: https://t.co/PFtkVC6S1u #Patch #Patch #Patch
@CCBalert
17 Jul 2025
26 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes