Business
Bridge threat protection and cyber risk management
The leader in Exposure Management – turning cyber risk visibility into decisive, proactive security.
Stop adversaries with unrivaled visibility, powered by the intelligence of XDR, Agentic SIEM, and Agentic SOAR to leave attackers with nowhere left to hide.
The most trusted cloud security platform for developers, security teams, and businesses
Cloud asset discovery, vulnerability prioritization, security posture management, and attack surface management – all in one
Extend visibility to the cloud and streamline SOC investigations
Secure your data center, cloud, and containers without compromising performance by leveraging a cloud security platform with CNAPP capabilities
Simplify security for your cloud-native applications with advanced container image scanning, policy-based admission control, and container runtime protection
Protect application workflow and cloud storage against advanced threats
Unify multi-cloud visibility, eliminate hidden exposure, and secure your future.
Defend the endpoint through every stage of an attack
Stop adversaries faster with a broader perspective and better context to hunt, detect, investigate, and respond to threats from a single platform
Optimized prevention, detection, and response for endpoints, servers, and cloud workloads
Expand the power of XDR with network detection and response
Stop adversaries faster with a broader perspective and better context to hunt, detect, investigate, and respond to threats from a single platform
Protect against known, unknown, and undisclosed vulnerabilities in your network
Redefine trust and secure digital transformation with continuous risk assessments
Stay ahead of phishing, BEC, ransomware and scams with AI-powered email security, stopping threats with speed, ease and accuracy.
See threats coming from miles away
End-to-end identity security from identity posture management to detection and response
Discover AI solutions designed to protect your enterprise, support compliance, and enable responsible innovation
Strengthen your defenses with the industry's first proactive cybersecurity AI – no blind spots, no surprises
The industry’s first proactive cybersecurity AI
Harness unparalleled breadth and depth of data, high-quality analysis, curation, and labeling to reveal meaningful, actionable insights
Secure your AI journey and eliminate vulnerabilities before attacks happen – so you can innovate with confidence
Shaping the future of cybersecurity through AI innovation, regulatory leadership, and trusted standards
Accelerate enterprise AI deployment with security, compliance, and trust
High-fidelity digital twins enable predictive planning, strategic investments, and resilience optimization
Prevent, detect, respond and protect without compromising data sovereignty
Protect patient data, devices, and networks while meeting regulations
Stop threats with easy-to-use solutions designed for your growing business
Extend your team with trusted 24/7 cybersecurity experts to predict, prevent, and manage breaches.
Augment security teams with 24/7/365 managed detection, response, and support
Assess, understand, and mitigate cyber risk with strategic guidance
Augment threat detection with expertly managed detection and response (MDR) for email, endpoints, servers, cloud workloads, and networks
Our trusted experts are on call whether you're experiencing a breach or looking to proactively improve your IR plans
Stop breaches with the best response and detection technology on the market and reduce clients’ downtime and claim costs
Grow your business and protect your customers with the best-in-class complete, multilayered security
Stand out to customers with competency endorsements that showcase your expertise
Deliver proactive security services from a single, partner-centric security platform built for MSPs, MSSPs, and DFIR teams
We work with the best to help you optimize performance and value
Discover resources designed to accelerate your business’s growth and enhance your capabilities as a Trend Micro partner
Accelerate your learning with Trend Campus, an easy-to-use education platform that offers personalized technical guidance
Access collaborative services designed to help you showcase the value of Trend Vision One™ and grow your business
Locate a partner from whom you can purchase Trend Micro solutions
Real-world stories of how global customers use Trend to predict, prevent, detect, and respond to threats.
See how cyber resilience led to measurable impact, smarter defense, and sustained performance.
Meet the people behind the protection – our team, customers, and improved digital well-being.
Hear directly from our users. Their insights shape our solutions and drive continuous improvement.
See how Trend outperforms the competition
Crowdstrike provides effective cybersecurity through its cloud-native platform, but its pricing may stretch budgets, especially for organizations seeking cost-effective scalability through a true single platform
Microsoft offers a foundational layer of protection, yet it often requires supplemental solutions to fully address customers' security problems
Palo Alto Networks delivers advanced cybersecurity solutions, but navigating its comprehensive suite can be complex and unlocking all capabilities requires significant investment
Demo Series: Agentic SIEM (September 18)
Discover how AI sets a new standard for intelligent cybersecurity >
Proactive email security: The power of AI
Learn more >
Crypto24 hackers exploit IT tools for custom malware
Learn more >
Charon ransomware bypasses EDR with process injection tricks
See how >
Task scam sites spoof real brands to gain trust
How to protect yourself >
Content has been added to your Folio
Exploits & Vulnerabilities
A previously disclosed vulnerability in NVIDIA Container Toolkit has an incomplete patch, which, if exploited, could put a wide range of AI infrastructure and sensitive data at risk.
By: Abdelrahman Esmail Read time: ( words)
Save to Folio
Summary:
In September 2024, NVIDIA released several updates to address a critical vulnerability (CVE-2024-0132) in its NVIDIA Container Toolkit. If exploited, this vulnerability could expose AI infrastructure, data, or sensitive information. With a CVSS v3.1 rating of 9.0, all customers were advised to update their affected software immediately.
Further research, however, uncovered that the patch was incomplete. While analyzing the patch in October 2024, we identified a related performance flaw affecting Docker on Linux. These issues could enable attackers to escape container isolation, access sensitive host resources, and cause severe operational disruptions.
Analysis of CVE-2024-0132 uncovered an issue that could lead to denial of service
A time-of-check time-of-use (TOCTOU) vulnerability persists within the NVIDIA Container Toolkit, which allows a specially crafted container to access the host file system. Default configurations remain vulnerable for versions 1.17.3 and earlier, while version 1.17.4 requires the feature allow-cuda-compat-libs-from-container to be explicitly enabled.
This vulnerability was found during the review of patches for CVE-2024-0132 and this has been disclosed under ZDI-25-087.
Table 1. While earlier versions of the NVIDIA Container Toolkit are vulnerable, version 1.17.4 needs to have a feature enabled to be exploitable.
There’s also a performance issue potentially leading to a denial-of-service (DoS) vulnerability on the host machine. This issue affects Docker on Linux systems. According to the Docker security team:
The Docker API as a privileged interface. Consequently, any user with API access effectively holds root-level privileges on the host. It remains unclear whether this issue originates from Docker’s runtime or the Linux’s kernel handling of mount entries.
How the exploitation works for the DoS-binding issue
The same performance issue has also been reported independently by moby and NVIDIA:
An example of the potential exploitation of CVE-2025-23359
The following steps outline how a potential attack could unfold:
Security best practices for mitigating the vulnerability
To effectively mitigate vulnerabilities related to NVIDIA Container Toolkit (CVE-2024-0132 and associated Docker file system binding issue), we recommend the following best practices:
Proactive security with Trend Vision One™
Trend Vision One™ is the only AI-powered enterprise cybersecurity platform that centralizes cyber risk exposure management, security operations, and robust layered protection. This comprehensive approach helps you predict and prevent threats, accelerating proactive security outcomes across your entire digital estate. Backed by decades of cybersecurity leadership and Trend Cybertron, the industry’s first proactive cybersecurity AI, it delivers proven results: a 92% reduction in ransomware risk and a 99% reduction in detection time. Security leaders can benchmark their posture and showcase continuous improvement to stakeholders. With Trend Vision One, you’re enabled to eliminate security blind spots, focus on what matters most, and elevate security into a strategic partner for innovation.
Trend Vision One provides protection and detection capabilities through the following:
Trend Micro has also added a Time-Critical Vulnerability alert in the Trend Vision One Executive Dashboard that will be continually updated with additional information related to prevention and detection as it becomes available.
Rapid patching remains the most effective mitigation, but it might not always be feasible especially in complex or critical production environments. Trend Vision One™ Cloud Workload Security provides essential visibility and detection capabilities, such as detecting host file system binding to containers and running malicious containers escaping to the host file system.
Additionally, Trend Vision One™ Container Security proactively identifies vulnerabilities, malware, and compliance violations within container images. Detection capabilities for CVE-2024-0132 and the newly identified vulnerability from its failed patch are already available and integrates directly into Trend Vision One™ Cyber Risk Exposure Management.
As the attacker can create a malicious image with the exploit, Trend’s solutions can help detect this vulnerability on the pipeline before the image is pushed to production. This way, if the vulnerability is detected, Container Security (admission control policy enforcement) can block the container image from being deployed into the production environment. We also detect this vulnerability at runtime, ensuring customers have full visibility of this security issue across the entire environment.
Abdelrahman Esmail
Sr. Engineer
Select a country / region
Experience our enterprise cybersecurity platform for free