CVE-2025-23359 – CVE-2025-23359 is a Time-of-Check Time-of-Use (... (How to Fix)

Q: What is the severity of CVE-2025-23359?

CVE-2025-23359 has a CVSS score of 8.3 (HIGH). CVE-2025-23359 is a Time-of-Check Time-of-Use (TOCTOU) vulnerability in NVIDIA Container Toolkit for Linux that allows a malicious container image to bypass security checks and access the host file system. This affects users running NVIDIA Container Toolkit with default configurations on Linux systems, potentially leading to host compromise. The vulnerability stems from a race condition in file system operations.

📋 TL;DR

CVE-2025-23359 is a Time-of-Check Time-of-Use (TOCTOU) vulnerability in NVIDIA Container Toolkit for Linux that allows a malicious container image to bypass security checks and access the host file system. This affects users running NVIDIA Container Toolkit with default configurations on Linux systems, potentially leading to host compromise. The vulnerability stems from a race condition in file system operations.

💻 Affected Systems

Products:

NVIDIA Container Toolkit for Linux

Versions: Versions prior to the patched release (specific version not provided in references, check vendor advisory).

Operating Systems: Linux

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerable only when using default configurations; custom configurations may reduce risk.

📦 What is this software?

Nvidia Container Toolkit by Nvidia

View all CVEs affecting Nvidia Container Toolkit →

Nvidia Gpu Operator by Nvidia

View all CVEs affecting Nvidia Gpu Operator →

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker gains full control of the host system, enabling code execution, privilege escalation, data theft, and denial of service.

🟠

Likely Case

Unauthorized access to sensitive host files, leading to information disclosure or data tampering within containerized environments.

🟢

If Mitigated

Limited impact if non-default configurations or strict access controls are applied, but risk remains if unpatched.

🌐 Internet-Facing: MEDIUM, as exploitation requires running a crafted container image, which may be deployed from untrusted sources.

🏢 Internal Only: HIGH, due to potential insider threats or compromised internal images in container registries.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires crafting a malicious container image and convincing a user to run it, or compromising a container registry.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check NVIDIA advisory for specific patched version (e.g., latest release as of April 2025).

Vendor Advisory: https://nvidia.custhelp.com/app/answers/detail/a_id/5616

Restart Required: No

Instructions:

1. Update NVIDIA Container Toolkit to the latest version via package manager (e.g., apt, yum). 2. Verify installation with 'nvidia-container-toolkit --version'. 3. No restart needed, but restart containers for changes to take effect.

🔧 Temporary Workarounds

Use non-default configurations

all

Modify NVIDIA Container Toolkit settings to restrict file system access or use custom security policies.

Edit configuration files (e.g., /etc/nvidia-container-runtime/config.toml) to enforce stricter controls.

🧯 If You Can't Patch

Restrict container image sources to trusted registries only.
Implement strict access controls and monitoring for container runtime activities.

🔍 How to Verify

Check if Vulnerable:

Check if NVIDIA Container Toolkit version is older than the patched release using 'nvidia-container-toolkit --version'.

Check Version:

nvidia-container-toolkit --version

Verify Fix Applied:

Confirm version is updated to the patched release and test with a safe container image to ensure no unauthorized host access.

📡 Detection & Monitoring

Log Indicators:

Unusual file access patterns from containers to host paths in container runtime logs (e.g., Docker, containerd).

Network Indicators:

Suspicious outbound connections from containers attempting data exfiltration.

SIEM Query:

Example: 'container_runtime_logs | where event contains "host file access" and source_image contains untrusted_pattern'

📊 Metadata

CVE ID: CVE-2025-23359

CVSS v3 Score: 8.3 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

CWE: CWE-367

EPSS Score: 0.67% exploit probability (70.8th percentile)

Published: February 12, 2025

Last Updated: September 25, 2025

🔗 References

https://nvidia.custhelp.com/app/answers/detail/a_id/5616 Vendor Advisory
https://thehackernews.com/2025/04/incomplete-patch-in-nvidia-toolkit.html Exploit,Press/Media Coverage

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-23359, you might also want to check these: