NVIDIAScape: OCI Hook Inheritance Flaws in AI Infra
by antisocial - Wednesday July 30, 2025 at 08:28 PM
#1
Taking a look at NVIDIAScape after its Pwn2Own reveal. CDI mode allows env vars like LD_PRELOAD to propagate through OCI hooks, inverting isolation for root execution on the host. A more or less under-discussed aspect in shared AI clusters: this opens vectors for model exfiltration or poisoning, especially via tainted Hugging Face images in supply chains. Reminds me of older runc vulnerabilities, but the GPU element takes it to another level, with this vulnerability hitting roughly 37% of cloud AI services. I also found this a bit amateurish, because this is mostly privilege escalation for babies, and this is coming from a very trusted company.
I won't bother writing an exploit since anyone with a brain can figure out how to abuse this.

Not sure if anyone else will find this interesting, but I did.
PGP ARCHIVE
contact: i@hateje.ws
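A triage check in the spirit of the post above, added here as an example; it is not part of the original post and not code from NVIDIA or the NVIDIA Container Toolkit. It parses an OCI runtime config.json, reports any dynamic-loader variables set in process.env, and lists every hook by stage together with whether the hook declares an environment of its own. The embedded config is constructed; the hook paths, arguments and the preload library path in it are hypothetical.

```python
"""Triage check for dynamic-loader variables in an OCI runtime spec.

Added example for this thread, not code from the original post, from NVIDIA,
or from the NVIDIA Container Toolkit. The sample config below is constructed;
its hook paths, hook arguments and preload library path are hypothetical.
"""
import json

# Variables honoured by the glibc dynamic loader; each one changes what code
# a process executes before it reaches main().
LOADER_VARS = ("LD_PRELOAD", "LD_LIBRARY_PATH", "LD_AUDIT")

# Hook stages defined by the OCI runtime spec, in execution order.
HOOK_STAGES = ("prestart", "createRuntime", "createContainer",
               "startContainer", "poststart", "poststop")

# Constructed sample config.json (not taken from any real container).
SAMPLE_CONFIG_JSON = json.dumps({
    "ociVersion": "1.1.0",
    "process": {
        "args": ["python3", "serve.py"],
        "env": [
            "PATH=/usr/local/bin:/usr/bin:/bin",
            "LD_PRELOAD=/tmp/evil.so",           # hypothetical value
            "NVIDIA_VISIBLE_DEVICES=all",
        ],
    },
    "hooks": {
        "createContainer": [
            {"path": "/usr/bin/example-gpu-hook",    # hypothetical path
             "args": ["example-gpu-hook", "setup"]}
        ],
        "poststop": [
            {"path": "/usr/local/bin/cleanup-hook",  # hypothetical path
             "args": ["cleanup-hook"],
             "env": ["PATH=/usr/bin:/bin"]}
        ],
    },
})


def load_spec(config_json):
    """Parse config.json text into a dict."""
    return json.loads(config_json)


def loader_env(spec):
    """Return {name: value} for loader variables found in process.env."""
    found = {}
    for entry in spec.get("process", {}).get("env", []):
        name, _, value = entry.partition("=")
        if name in LOADER_VARS:
            found[name] = value
    return found


def hook_inventory(spec):
    """Return (stage, path, declares_env) for every hook in the spec."""
    inventory = []
    hooks = spec.get("hooks", {})
    for stage in HOOK_STAGES:
        for hook in hooks.get(stage, []):
            inventory.append((stage, hook["path"], "env" in hook))
    return inventory


def audit(config_json):
    """Return human-readable findings for one config.json document."""
    spec = load_spec(config_json)
    findings = []
    for name, value in sorted(loader_env(spec).items()):
        findings.append(f"process.env sets {name}={value}")
    for stage, path, declares_env in hook_inventory(spec):
        env_note = "declares its own env" if declares_env else "declares no env"
        findings.append(f"{stage} hook {path} is run by the runtime and {env_note}")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_CONFIG_JSON):
        print(line)
```

Hooks are executed by the runtime, not by the container image's entrypoint, so a hook that declares no env of its own is the one to look at; which environment it actually receives depends on the runtime and on the hook binary, so this check tells you where to look and does not by itself prove anything is exploitable.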