Researchers Release PoC Exploit for High-Severity NVIDIA AI Toolkit Bug

Wiz Research has disclosed a severe vulnerability in the NVIDIA Container Toolkit (NCT), dubbed #NVIDIAScape and tracked as CVE-2025-23266 with a CVSS score of 9.0, enabling malicious containers to escape isolation and gain root access on host systems.

This flaw, stemming from a misconfiguration in OCI hook handling, affects NCT versions up to 1.17.7 (in CDI mode for pre-1.17.5 releases) and NVIDIA GPU Operator up to 25.3.1.

As a cornerstone for GPU-accelerated AI workloads in cloud environments, the toolkit’s vulnerability poses a systemic risk, potentially allowing attackers to compromise shared infrastructure and access sensitive data across multi-tenant setups.

Critical Container Escape Flaw

The exploit leverages the OCI runtime specification’s createContainer hooks, which NCT employs to configure container access to host NVIDIA drivers and GPUs.

Unlike prestart hooks that operate in isolated contexts, createContainer hooks inherit environment variables from the container image ...