Cybersecurity researchers from Wiz have uncovered a severe flaw, now identified as CVE-2025-23266 and nicknamed NVIDIAScape, that could allow attackers to escape container boundaries and gain full root access to the host machine.
The bug affects all versions of the NVIDIA Container Toolkit up to 1.17.7 and has been rated 9.0 (Critical) on the CVSS severity scale. It also impacts NVIDIA GPU Operator versions up to 25.3.0, widely used to manage GPU containers in Kubernetes clusters.
The vulnerabil...
