Play AppSec WarGames
Want to skill-up in secure coding and AppSec? Try SecDim Wargames to learn how to find, hack and fix security vulnerabilities inspired by real-world incidents.
CVE-2025-23359 - The NVIDIA Container Toolkit Vulnerability
Researchers from Wiz, Shir Tamari, Ronen Shustin, and Andres Riancho have uncovered a bypass for a previously fixed security vulnerability in the NVIDIA Container Toolkit, tracked as CVE-2025-23359. By exploiting a Time-of-Check Time-of-Use (TOCTOU) flaw, attackers can mount the host’s root filesystem directly into the container. This effectively grants read (and ultimately write) access to host files, permitting container breakout that could lead to code execution, escalation of privileges, or the ability to intercept data on the host system. The Wiz team demonstrated that placing symbolic links inside the container image can trick the NVIDIA runtime into mounting from outside the container (i.e., the root directory), exposing sensitive host resources.
This new vulnerability bypasses an earlier NVIDIA fix (CVE-2024-0132) released in September 2024. Even though the mount points appear to be read-only at first, the presence of the container runtime’s privileged Unix socket lets attackers spawn new, more privileged containers. From there, they can perform a complete compromise of the host—viewing network traffic, tampering with files, or executing arbitrary code—all by leveraging the inherent trust NVIDIA libraries have when mounting container paths.
We made a challenge that recreates this vulnerability:
It is available in C as well
