CVE-2025-23267 is a vulnerability classified under CWE-59 (Improper Link Resolution Before File Access) found in the NVIDIA Container Toolkit and NVIDIA GPU Operator. The flaw exists in the update-ldcache hook, a component responsible for updating the dynamic linker cache within containerized environments that utilize NVIDIA GPUs. An attacker can craft a malicious container image that triggers improper symbolic link resolution (link following) during the update-ldcache process. This can lead to unauthorized file system access or modification, enabling data tampering and potentially causing denial of service conditions by corrupting or disrupting the dynamic linker cache. The vulnerability affects all versions of the NVIDIA Container Toolkit up to and including 1.17.7, with CDI mode specifically impacted in versions prior to 1.17.5, and NVIDIA GPU Operator up to 25.3.0. The CVSS v3.1 score is 8.5 (high), reflecting network attack vector, low attack complexity, required privileges, no user interaction, and a scope change. Exploitation requires some level of privileges (PR:L) but no user interaction (UI:N), and the impact is primarily on integrity and availability, with no direct confidentiality loss. No public exploits are currently known, but the vulnerability poses a significant risk in environments where container images are sourced from untrusted or insufficiently validated repositories. The flaw is particularly relevant for organizations leveraging GPU-accelerated container workloads for AI, machine learning, or HPC tasks.

For European organizations, this vulnerability poses a significant risk to the integrity and availability of containerized GPU workloads. Exploitation could allow attackers to tamper with critical system files or disrupt services by corrupting the dynamic linker cache, leading to denial of service. This can affect data processing pipelines, AI model training, and other GPU-dependent applications, potentially causing operational downtime and data integrity issues. Given the increasing adoption of containerization and GPU acceleration in sectors such as automotive, manufacturing, research, and finance across Europe, the impact could be widespread. Organizations relying on NVIDIA GPUs in containerized environments must consider the risk of supply chain attacks via malicious container images. The vulnerability could also be leveraged in multi-tenant cloud environments, increasing the risk of cross-tenant attacks. The absence of known exploits in the wild suggests a window for proactive mitigation, but the high CVSS score indicates the potential for serious disruption if exploited.

1. Immediately update the NVIDIA Container Toolkit to a version later than 1.17.7 and the NVIDIA GPU Operator beyond 25.3.0 once patches are released. 2. Until patches are available, restrict the use of untrusted or unverified container images, especially those that include GPU workloads. 3. Implement strict container image scanning and validation policies to detect malicious or malformed images that could exploit link following. 4. Employ runtime security tools that monitor container behavior and file system access patterns to detect anomalous link resolution or file tampering attempts. 5. Limit privileges of container runtimes and users to the minimum necessary, reducing the ability of an attacker to exploit this vulnerability. 6. Use container security best practices such as read-only file systems, seccomp profiles, and AppArmor/SELinux policies to restrict container capabilities. 7. Monitor logs and system behavior for signs of dynamic linker cache corruption or unexpected failures in containerized GPU workloads. 8. Educate DevOps and security teams about the risks associated with container image supply chain attacks and the specifics of this vulnerability.