According to insecurity experts from Wiz, it allows attackers to remotely execute malicious code, launch denial-of-service attacks, escalate privileges, and steal sensitive data.
Nvidia confirmed the security flaw in an advisory, stating that the bug tracked as CVE-2025-23359 affects both the Nvidia Container Toolkit and the Nvidia GPU Operator, which manages GPU resources in Kubernetes clusters.
The vulnerability has been assigned a severity score of 8.3, impacting all versions of the Container Toolkit up to and including 1.17.3 and all versions of the GPU Operator up to and including 24.9.1.
Nvidia has released patches to address the issue, including fixes in versions 1.17.4 and 24.9.2. The flaw is only present on Linux-based systems and does not affect cases where Container Device Interface (CDI) is used.
Wiz suggested that this vulnerability is, in fact, a bypass for an earlier, even more severe flaw. The previous bug, tracked as CVE-2024-0132, carried a critical severity score of 9.0 and allowed attackers to mount a host’s root file system into a container, effectively giving them unrestricted access. Once inside, attackers could launch privileged containers and achieve complete control over the host system.
Nvidia stated that the initial issue was addressed in September 2024. To mitigate the latest vulnerability, users are strongly advised to apply the released patches and ensure the "--no-cntlibs" flag is not disabled in production environments.
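The affected ranges and exemptions above can be turned into a fleet triage check. The following is an added example, not code from Nvidia or Wiz; the inventory record schema (`host`, `os`, `component`, `version`, `cdi`) and the sample hosts are assumptions constructed for illustration.

```python
import re

# Last affected releases, taken from the article text above.
LAST_AFFECTED = {"container-toolkit": (1, 17, 3), "gpu-operator": (24, 9, 1)}

def parse_version(text):
    """Split 'v1.17.4-rc.1' into ((1, 17, 4), True); the flag marks a pre-release suffix."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) for g in m.groups()[:3]), m.group(4) is not None

def triage(record):
    """Classify one inventory record (hypothetical schema) against the advisory."""
    if record["os"].lower() != "linux":
        return "not-affected"  # the flaw is present only on Linux
    if record.get("cdi"):
        return "not-affected"  # deployments using CDI are not affected
    limit = LAST_AFFECTED.get(record["component"])
    if limit is None:
        return "review"  # component not covered by this check
    try:
        version, prerelease = parse_version(record["version"])
    except ValueError:
        return "review"  # unparsed version: never assume it is safe
    if version <= limit:
        return "affected"
    # A pre-release of a later version may predate the fix, so flag it for review.
    return "review" if prerelease else "patched"

# Constructed sample inventory, not real hosts.
INVENTORY = [
    {"host": "gpu-a", "os": "linux", "component": "container-toolkit", "version": "1.17.3"},
    {"host": "gpu-b", "os": "linux", "component": "container-toolkit", "version": "v1.17.4"},
    {"host": "gpu-c", "os": "linux", "component": "container-toolkit", "version": "1.17.4-rc.1"},
    {"host": "gpu-d", "os": "linux", "component": "container-toolkit", "version": "1.16.2", "cdi": True},
    {"host": "gpu-e", "os": "linux", "component": "container-toolkit", "version": "unknown"},
    {"host": "k8s-a", "os": "linux", "component": "gpu-operator", "version": "v24.9.1"},
    {"host": "k8s-b", "os": "linux", "component": "gpu-operator", "version": "24.9.2"},
]

def report(inventory=INVENTORY):
    """Map each host name to its triage status."""
    return {r["host"]: triage(r) for r in inventory}

if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host}: {status}")
```

Hosts that come back as `review` need a manual look rather than being counted as patched.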