CVE-2025-23267

NVIDIA Container Toolkit for all platforms contains a vulnerability in the update-ldcache hook, where an attacker could cause a link following by using a specially crafted container image. A successful exploit of this vulnerability might lead to data tampering and denial of service.

CVSS v3 8.5 HIGH

8.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.1 / Impact : 4.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/5659
http://www.openwall.com/lists/oss-security/2025/07/16/3

Configurations

No configuration.

History

04 Nov 2025, 22:16

Type	Values Removed	Values Added
Summary		(es) NVIDIA Container Toolkit para todas las plataformas contiene una vulnerabilidad en el enlace update-ldcache, donde un atacante podría provocar el seguimiento de un enlace mediante una imagen de contenedor especialmente manipulada. Explotar esta vulnerabilidad podría provocar la manipulación de datos y la denegación de servicio.
References		() http://www.openwall.com/lists/oss-security/2025/07/16/3 -

17 Jul 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-17 20:15

Updated : 2025-11-04 22:16

NVD link : CVE-2025-23267

Mitre link : CVE-2025-23267

CVE.ORG link : CVE-2025-23267

JSON object : View

Products Affected

No product.

CWE

CWE-59

Improper Link Resolution Before File Access ('Link Following')

8.5 /10