Critical Cisco ISE Flaw Lets Attackers Gain Root Access Remotely
July 17, 2025
Severity
High
Analysis Summary
NVIDIA has released urgent security patches addressing two critical vulnerabilities, CVE-2025-23266 and CVE-2025-23267, which impact its Container Toolkit (versions up to 1.17.7) and GPU Operator (versions up to 25.3.0). These flaws allow attackers to execute arbitrary code with elevated privileges, posing serious risks such as privilege escalation, data manipulation, information leakage, and denial of service. The vulnerabilities affect all platforms using the specified versions, and the threat is particularly severe because they can be exploited within container environments widely used in enterprise systems and AI workloads.
CVE-2025-23266, the more severe of the two, holds a critical CVSS v3.1 score of high and stems from untrusted search path issues (CWE-426) within container initialization hooks. It enables adjacent network attackers to execute arbitrary code with minimal complexity and no user interaction. CVE-2025-23267, rated with a high CVSS score of high, relates to improper link resolution (CWE-59) in the update-ldcache hook, allowing link following attacks through crafted container images. The vulnerabilities were responsibly disclosed by Security Researcher, respectively.
To address these issues, NVIDIA urges all users to immediately upgrade the Container Toolkit to version 1.17.8 and the GPU Operator to version 25.3.1. These patched versions eliminate the attack vectors that allowed elevated code execution and unsafe file access. It's important to note that the Container Device Interface (CDI) mode vulnerabilities specifically affect Toolkit versions prior to 1.17.5 and GPU Operator versions before 25.3.0.
As a temporary mitigation, organizations can disable the vulnerable enable-cuda-compat hook. For Container Toolkit users, this involves modifying the config.toml file to set the features.disable-cuda-compat-lib-hook flag to true. GPU Operator users can apply similar mitigations during Helm-based deployments. While mitigations help reduce immediate risk, NVIDIA strongly recommends applying the official updates to ensure long-term security and stability of containerized GPU environments.
Impact
- Information Disclosure
- Denial of Service
- Code Execution
- Data Manipulation
Indicators of Compromise
CVE
CVE-2025-23267
CVE-2025-23266
Affected Vendors
- NVIDIA
Affected Products
- NVIDIA Container Toolkit (all versions up to 1.17.7)
- NVIDIA GPU Operator (all versions up to 25.3.0)
Remediation
- Upgrade the NVIDIA Container Toolkit to version 1.17.8 and the GPU Operator to version 25.3.1, available from the NVIDIA website.
- Disable the vulnerable hook (enable-cuda-compat) as a mitigation by setting features.disable-cuda-compat-lib-hook = true in /etc/nvidia-container-toolkit/config.toml.
- For GPU Operator users, apply the mitigation using Helm installation arguments to disable the affected hook.
- Avoid using CDI mode on vulnerable versions; ensure you're running versions newer than 1.17.5 (Container Toolkit) and 25.3.0 (GPU Operator).
- Monitor NVIDIA’s official documentation and advisories regularly to apply future security updates promptly.