- A major vulnerability known as “NVIDIAScape” (CVE-2025-23266) was discovered in the NVIDIA Container Toolkit, posing serious risks to cloud-based AI services.
- The flaw has a high severity score of 9.0 out of 10 and affects all versions of NVIDIA Container Toolkit up to 1.17.7 and NVIDIA GPU Operator up to 25.3.0.
- The vulnerability allows attackers to execute code with higher privileges, potentially leading to data theft or server takeover across cloud environments.
- NVIDIA and researchers at Wiz have identified and patched the issue in updated versions 1.17.8 and 25.3.1.
- The security gap could let attackers compromise sensitive data from other users sharing the same hardware, using a simple three-line exploit.
A critical vulnerability affecting the NVIDIA Container Toolkit was made public on July 18, 2025. Security researchers say the flaw, called “NVIDIAScape” and tracked as CVE-2025-23266, threatens managed Artificial Intelligence (AI) cloud services by allowing potential attackers to break out of containers and access sensitive resources.
According to advisories from NVIDIA and security firm Wiz, the bug has a severity score of 9.0 out of 10. NVIDIA explained that attackers could use compromised container initialization hooks to execute code with elevated permissions. “A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial-of-service,” the company wrote in its official advisory.
The vulnerability affects all releases of the NVIDIA Container Toolkit through version 1.17.7 and the NVIDIA GPU Operator up to 25.3.0. Patches are now available with toolkit version 1.17.8 and GPU Operator version 25.3.1. The tools let users run GPU-accelerated containers in cloud environments, including on Kubernetes clusters.
Wiz researchers said the problem is caused by how the toolkit manages the Open Container Initiative “createContainer” hook. Attackers can insert code using the LD_PRELOAD setting in a Dockerfile, which causes the toolkit to load a malicious library and execute it with system-level access. “By setting LD_PRELOAD in their Dockerfile, an attacker could instruct the nvidia-ctk hook to load a malicious library,” researchers Nir Ohfeld and Shir Tamari wrote in a detailed analysis.
The exploit can be launched with just three lines of code, making it simple for attackers to compromise cloud environments. The flaw could impact about 37% of cloud setups that use these NVIDIA tools, putting the data and models of multiple customers at risk.
This disclosure follows earlier reports on similar security issues in NVIDIA cloud software, including CVE-2024-0132 and CVE-2025-23359. Security experts warn that basic flaws in AI infrastructure pose a direct and immediate risk. They recommend using strong isolation methods, like virtualization, rather than relying only on containers to separate user environments.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- dYdX Acquires Pocket Protector, Accelerates Social Trading Push
- Circle and Ripple Apply for OCC Trust Bank Charters, Limit Disclosures
- Trump Signs GENIUS Act to Regulate Cryptocurrency Industry
- IMF: El Salvador Not Buying More Bitcoin Despite Claims
- Decoding the Signal: How Smart Tech is Flipping the Script on Market Analysis
