{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-23267","assignerOrgId":"9576f279-3576-44b5-a4af-b9a8644b2de6","state":"PUBLISHED","assignerShortName":"nvidia","dateReserved":"2025-01-14T01:06:23.291Z","datePublished":"2025-07-17T19:32:36.958Z","dateUpdated":"2025-11-04T21:09:39.708Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["Windows","MacOS","Linux"],"product":"Container Toolkit","vendor":"NVIDIA","versions":[{"status":"affected","version":"NVIDIA Container Toolkit All versions up to and including 1.17.7 (CDI mode only for versions prior to 1.17.5)"},{"status":"affected","version":"NVIDIA GPU Operator All versions up to and including 25.3.0 (CDI mode only for versions prior to 25.3.0)"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"NVIDIA Container Toolkit for all platforms contains a vulnerability in the update-ldcache hook, where an attacker could cause a link following by using a specially crafted container image. A successful exploit of this vulnerability might lead to data tampering and denial of service."}],"value":"NVIDIA Container Toolkit for all platforms contains a vulnerability in the update-ldcache hook, where an attacker could cause a link following by using a specially crafted container image. A successful exploit of this vulnerability might lead to data tampering and denial of service."}],"impacts":[{"descriptions":[{"lang":"en","value":"Data tampering, denial of service"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":8.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-59","description":"CWE-59: Improper Link Resolution Before File Access ('Link Following')","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"9576f279-3576-44b5-a4af-b9a8644b2de6","shortName":"nvidia","dateUpdated":"2025-07-17T19:32:36.958Z"},"references":[{"url":"https://nvidia.custhelp.com/app/answers/detail/a_id/5659"}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-07-17T20:09:29.710381Z","id":"CVE-2025-23267","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-07-17T20:09:42.007Z"}},{"title":"CVE Program Container","references":[{"url":"http://www.openwall.com/lists/oss-security/2025/07/16/3"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-04T21:09:39.708Z"}}]}}