Date: 2025-07-17
Updated: 2025-08-20
One CRITICAL and one HIGH risk vulnerability have been announced concerning the NVIDIA Container Toolkit. The first may lead to privilege escalation and the execution of arbitrary code with elevated permissions.[R 1]
EGI SVG ID : EGI-SVG-2025-11
CVE ID : CVE-2025-23266, CVE-2025-23267
CVSS Score : 9.0, 8.5 [R 1]
Sites running the NVIDIA Container toolkit are required to urgently install a fixed version, see [R 1]
All running resources MUST be either patched or have mitigation in place or software removed by 2025-07-24 00:00 UTC
Sites failing to act and/or failing to respond to requests from the EGI CSIRT team risk site suspension.
See [R 1]
TLP:WHITE information - Unlimited distribution
https://advisories.egi.eu/Advisory-EGI-SVG-2025-11
https://advisories.egi.eu/Advisory-SVG-CVE-2025-23266
https://advisories.egi.eu/Advisory-SVG-CVE-2025-23267
Minor updates may be made without re-distribution to the sites.
This advisory is subject to the Creative Commons licence
https://creativecommons.org/licenses/by/4.0/ and
the EGI (https://www.egi.eu/) Software Vulnerability Group
must be credited. --
Comments or questions should be sent to svg-rat at mailman.egi.eu
Vulnerabilities relevant for EGI can be reported at report-vulnerability at egi.eu
(see [R 99] for further details, and other information on SVG)
SVG was alerted to this vulnerability by Barbara Krasovec
SVG was alerted to this vulnerability by Barbara Krasovec