Critical NVIDIA Container Flaw Exposed: New Exploit Lets Attackers Break Free from Security Controls

NVIDIA Container Toolkit Vulnerability Exposes Host System Security Risk

A critical security flaw has been identified in the NVIDIA Container Toolkit, tracked as CVE-2025-23359 with a CVSS score of 8.3. This vulnerability allows attackers to bypass container isolation and gain unauthorized access to the host system.

Affected Versions:
– NVIDIA Container Toolkit: All versions up to 1.17.3
– NVIDIA GPU Operator: All versions up to 24.9.1

The vulnerability stems from a Time-of-Check Time-of-Use (TOCTOU) issue in the default configuration, enabling malicious container images to access the host file system. This flaw is particularly concerning as it bypasses a previously patched vulnerability (CVE-2024-0132).

Security researchers from Wiz discovered that attackers could:
– Mount the host’s root file system into a container
– Gain access to all system files
– Launch privileged containers
– Achieve complete host compromise through the container runtime’s Unix socket

The exploit works by manipulating file paths during mount operations using symbolic links, so that a mount intended for “/usr/lib64” resolves to the host’s root directory. While this initial access is read-only, attackers can bypass the limitation by spawning privileged containers.

Remediation Steps:
1. Update to NVIDIA Container Toolkit version 1.17.4
2. Update to NVIDIA GPU Operator version 24.9.2
3. Keep the “--no-cntlibs” flag enabled in production environments
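A small inventory check that maps installed versions onto the affected ranges above, added here as an example and not taken from NVIDIA or Wiz. It parses versions numerically (so 1.17.10 is not misread as older than 1.17.4) and tolerates distro packaging suffixes such as “1.17.3-1”; the `nvidia-ctk --version` output format it greps is an assumption.

```python
"""Check NVIDIA Container Toolkit / GPU Operator versions against the
ranges the advisory lists as affected by CVE-2025-23359."""
import re
import subprocess
from typing import Optional, Tuple

# Fixed releases named in the advisory; anything older is affected.
FIXED_VERSIONS = {
    "nvidia-container-toolkit": (1, 17, 4),
    "nvidia-gpu-operator": (24, 9, 2),
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Pull the leading dotted numeric version out of strings such as
    '1.17.3', '1.17.3-1' (Debian revision), 'v24.9.1' or
    'NVIDIA Container Toolkit CLI version 1.17.3'."""
    m = re.search(r"(\d+(?:\.\d+)+)", text)
    if not m:
        raise ValueError(f"no version number found in {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def is_affected(product: str, version_text: str) -> bool:
    """True when the parsed version is older than the fixed release."""
    fixed = FIXED_VERSIONS[product]
    ver = parse_version(version_text)
    # Pad to equal length so that 1.17 compares as 1.17.0, not as a prefix.
    n = max(len(ver), len(fixed))
    ver += (0,) * (n - len(ver))
    fixed += (0,) * (n - len(fixed))
    return ver < fixed


def check_local_toolkit() -> Optional[Tuple[str, bool]]:
    """Query the installed toolkit via `nvidia-ctk --version` (assumed to
    print a line containing the version). Returns (raw output, affected),
    or None when nvidia-ctk is not installed or not on PATH."""
    try:
        out = subprocess.run(["nvidia-ctk", "--version"], capture_output=True,
                             text=True, check=True).stdout
    except (FileNotFoundError, subprocess.CalledProcessError, ValueError):
        return None
    return out.strip(), is_affected("nvidia-container-toolkit", out)


if __name__ == "__main__":
    result = check_local_toolkit()
    if result is None:
        print("nvidia-ctk not found; toolkit not installed or not on PATH")
    else:
        raw, affected = result
        print(f"{raw}: {'AFFECTED, update to 1.17.4' if affected else 'fixed'}")
```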