CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-23267
https://notcve.org/view.php?id=CVE-2025-23267
17 Jul 2025 — NVIDIA Container Toolkit for all platforms contains a vulnerability in the update-ldcache hook, where an attacker could cause a link following by using a specially crafted container image. A successful exploit of this vulnerability might lead to data tampering and denial of service. • https://nvidia.custhelp.com/app/answers/detail/a_id/5659 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2025-23266 – NVIDIA Transformers4Rec load_model_trainer_states_from_checkpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-23266
17 Jul 2025 — NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial of service. A flaw was found in the NVIDIA Container Toolkit. This vulnerability allows execution of arbitrary code with elevated permissions via improperly secured container initializatio... • https://github.com/jpts/cve-2025-23266-poc • CWE-426: Untrusted Search Path •