NVIDIA Container Toolkit mount_files Time-Of-Check Time-Of-Use Race Condition Privilege Escalation Vulnerability (CVE-2025-23359)
CVE number = CVE-2025-23359
This vulnerability allows remote attackers to escalate privileges on affected installations of NVIDIA Container Toolkit.
An attacker must first obtain the ability to execute code within a container in order to exploit this vulnerability.
The specific flaw exists within the mount_files function. The issue results from the lack of proper locking when performing operations on an object.
An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the host.
NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, where a crafted container image could gain access to the host file system. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
Further details – https://nvidia.custhelp.com/app/answers/detail/a_id/5616
I am one of the editors here at www.systemtek.co.uk I am a UK based technology professional, with an interest in computer security and telecoms.