NVIDIA Container Toolkit for all platforms contains a vulnerability in the update-ldcache hook, where an attacker could cause a link following by using a specially crafted container image. A successful exploit of this vulnerability might lead to data tampering and denial of service.
History

Sat, 19 Jul 2025 00:15:00 +0000

Type Values Removed Values Added
Title nvidia-container-toolkit: NVIDIA Container Toolkit Link Following Vulnerability
References
Metrics threat_severity

None

threat_severity

Important


Thu, 17 Jul 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 17 Jul 2025 19:45:00 +0000

Type Values Removed Values Added
Description NVIDIA Container Toolkit for all platforms contains a vulnerability in the update-ldcache hook, where an attacker could cause a link following by using a specially crafted container image. A successful exploit of this vulnerability might lead to data tampering and denial of service.
Weaknesses CWE-59
References
Metrics cvssV3_1

{'score': 8.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: nvidia

Published: 2025-07-17T19:32:36.958Z

Updated: 2025-07-17T20:09:42.007Z

Reserved: 2025-01-14T01:06:23.291Z

Link: CVE-2025-23267

cve-icon Vulnrichment

Updated: 2025-07-17T20:09:34.024Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-07-17T20:15:28.843

Modified: 2025-07-17T21:15:50.197

Link: CVE-2025-23267

cve-icon Redhat

Severity : Important

Publid Date: 2025-07-17T19:32:36Z

Links: CVE-2025-23267 - Bugzilla