WARNING: HIGH SEVERITY TOCTOU RACE CONDITION VULNERABILITY IN NVIDIA CONTAINER TOOLKIT AND NVIDIA GPU OPERATOR CAN LEAD TO RCE, DOS, PRIVILEGE ESCALATION AND/OR DATA COMPROMISE. PATCH IMMEDIATELY!

Published: 14/02/2025

Reference:
Advisory #2025-34

Version:
1.0

Affected software:
NVIDIA Container Toolkit (v1.17.3 and below) and NVIDIA GPU Operator (v24.9.1 and below)

Type:
Time-of-check Time-of-use (aka TOCTOU) Race Condition vulnerability

CVE/CVSS:
CVE-2025-23359: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Sources

https://nvd.nist.gov/vuln/detail/CVE-2025-23359

Risks

An 8.3 high severity vulnerability (CVE-2025-23359) exists in NVIDIA's Container Toolkit (v1.17.3 and below) and GPU Operator (v24.9.1 and below) software.  If left unpatched, affected devices are vulnerable to remote code execution (RCE), denial-of-service (DOS), privilege escalation and/or data compromise attacks with possible high impact on confidentiality, integrity, and availability of data and systems.
 
User interaction is required for successful exploitation.
 
There is currently no information indicating that the vulnerability is being actively exploited.
 
CVE-2025-23359 is fixed via software upgrade to v1.17.4 (Container Toolkit) and v24.9.2 (GPU Operator).

Description

CVE-2025-23359 is a 'Time-of-check Time-of-use (aka TOCTOU) Race Condition' vulnerability and could allow an attacker to escape containers via an unspecified remote vector.
 
If exploited successfully, an attacker could execute code, escalate privileges and/or tamper with (the availability of) data.
 
NVIDIA Container Toolkit is an open source toolkit designed to simplify the deployment of GPU-accelerated applications in Docker containers.  NVIDIA GPU Operator is a solution to deploy and manage GPUs in Kubernetes.

Recommended Actions

Patch
 
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
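
To help prioritise patching, here is an added example, not part of the original advisory and not NVIDIA tooling: a Python check that classifies installed versions against the fixed releases named above (v1.17.4 for Container Toolkit, v24.9.2 for GPU Operator). The inventory rows, host names, component keys and the rule that a pre-release build of the fixed version still counts as unpatched are assumptions made for the illustration.

```python
import re

# Fixed releases named in the advisory; anything older is affected.
FIXED = {"container-toolkit": (1, 17, 4), "gpu-operator": (24, 9, 2)}

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:[-~+](.+))?$")
_PRERELEASE = ("rc", "alpha", "beta")


def parse_version(text):
    """Split 'v24.9.1' or '1.17.4-rc.1' into ((major, minor, patch), suffix)."""
    match = _VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in match.groups()[:3]), match.group(4)


def is_affected(component, version):
    """True if this version of the component predates the fixed release."""
    numbers, suffix = parse_version(version)
    fixed = FIXED[component]
    if numbers != fixed:
        return numbers < fixed  # numeric compare, so 1.9.0 < 1.17.4
    # Assumption: a pre-release of the fixed version is treated as unpatched,
    # while a packaging revision such as '1.17.4-1' is the fixed release.
    return bool(suffix) and suffix.lower().startswith(_PRERELEASE)


def audit(inventory):
    """Return (host, status) pairs: 'PATCH', 'ok', or 'CHECK' if unparsable."""
    results = []
    for host, component, version in inventory:
        try:
            status = "PATCH" if is_affected(component, version) else "ok"
        except (ValueError, KeyError):
            status = "CHECK"  # unknown component or version: verify by hand
        results.append((host, status))
    return results


# Constructed sample inventory (hypothetical hosts, not real data).
INVENTORY = [
    ("gpu-node-01", "container-toolkit", "1.17.3"),
    ("gpu-node-02", "container-toolkit", "1.17.4-1"),
    ("gpu-node-03", "container-toolkit", "1.17.4-rc.1"),
    ("k8s-cluster-a", "gpu-operator", "v24.9.1"),
    ("k8s-cluster-b", "gpu-operator", "v24.9.2"),
    ("gpu-node-04", "container-toolkit", "unknown"),
]
```

Rows marked CHECK could not be parsed and need manual verification before they are considered patched.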
 
Monitor/Detect
 
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
 
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.
 
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
 

References