Ingress-nginx Configuration Vulnerability in Kubernetes
CVE-2025-1097

8.8 HIGH

Key Information:

Vendor: Kubernetes
CVE Published: 25 March 2025

Badges

Trending now | Trended | Score: 9,960 | Exploit Exists | Public PoC | News Worthy

What is CVE-2025-1097?

CVE-2025-1097 is a high-severity vulnerability (CVSS 8.8) in the ingress-nginx controller, a fundamental component of the Kubernetes ecosystem that manages inbound connections for applications running on Kubernetes clusters. The flaw lies in how the controller handles the auth-tls-match-cn Ingress annotation: a crafted annotation value can inject configuration into the nginx server. This can lead to arbitrary code execution in the context of the ingress-nginx controller, jeopardizing the security of the Kubernetes environment and potentially exposing sensitive data stored in Secrets accessible to the controller.

Technical Details

The vulnerability is specifically linked to the way the ingress-nginx controller interprets the auth-tls-match-cn Ingress annotation. By manipulating this annotation, an attacker could inject configurations that the nginx server would execute. This presents a significant security risk, as the ingress-nginx controller typically has broad access to Secrets stored within the Kubernetes environment. The configuration injection can lead to unauthorized operations within the context of the nginx controller, which could compromise the integrity and confidentiality of the cluster.

Potential Impact of CVE-2025-1097

  1. Arbitrary Code Execution: Exploiting this vulnerability could allow attackers to run arbitrary code in the context of the ingress-nginx controller, leading to unauthorized actions being performed on the Kubernetes cluster.

  2. Disclosure of Sensitive Data: Given the access level of the ingress-nginx controller to cluster-wide Secrets, an attacker could gain access to sensitive information, including credentials and configuration data, risking data leaks and further system compromise.

  3. Compromise of Kubernetes Environment: The ability to manipulate configurations and execute arbitrary code could enable attackers to establish footholds within the Kubernetes environment, potentially facilitating later stages of an attack, such as lateral movement or persistence.

Affected Version(s)

ingress-nginx: versions 0 through 1.11.4 (inclusive)

ingress-nginx: version 1.12.0
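
A defender-side audit for the annotation described under Technical Details and the releases listed above, as an added example that is not from the original page or the ingress-nginx project: it flags Ingress objects that set auth-tls-match-cn and checks a controller version against the listed releases. The full annotation key with its nginx.ingress.kubernetes.io/ prefix, the "CN=" allow-list and the sample data are assumptions made here.

```python
import json
import re

ANNOTATION = "nginx.ingress.kubernetes.io/auth-tls-match-cn"
# Assumption: a benign value is "CN=" plus a plain regex on one line; this
# allow-list is a conservative review heuristic, not the controller's validator.
SAFE_VALUE = re.compile(r"CN=[A-Za-z0-9 .,_@*+?^$()\[\]|\\-]+")


def is_affected(version):
    """True for the releases the page lists: up to 1.11.4, and 1.12.0."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    v = tuple(int(x) for x in m.groups())
    return v <= (1, 11, 4) or v == (1, 12, 0)


def audit_ingresses(ingress_list):
    """Return (namespace, name, verdict, value) for each Ingress using the annotation."""
    findings = []
    for item in ingress_list.get("items", []):
        meta = item.get("metadata", {})
        value = (meta.get("annotations") or {}).get(ANNOTATION)
        if value is None:
            continue
        # Every use deserves review on an affected controller; values outside
        # the allow-list (extra lines, braces, semicolons, quotes) stand out.
        verdict = "review" if SAFE_VALUE.fullmatch(value) else "suspicious"
        findings.append((meta.get("namespace", "default"), meta.get("name"), verdict, value))
    return findings


# Constructed sample in the shape of `kubectl get ingress -A -o json`.
SAMPLE = json.loads(r"""
{"items": [
 {"metadata": {"namespace": "shop", "name": "web",
   "annotations": {"nginx.ingress.kubernetes.io/auth-tls-match-cn": "CN=client\\.shop\\.example"}}},
 {"metadata": {"namespace": "dev", "name": "scratch",
   "annotations": {"nginx.ingress.kubernetes.io/auth-tls-match-cn": "CN=x\nsecond line"}}},
 {"metadata": {"namespace": "docs", "name": "static", "annotations": {}}}
]}
""")

if __name__ == "__main__":
    for tag in ("v1.11.4", "v1.12.0", "v1.12.1"):
        print(tag, "affected" if is_affected(tag) else "not in the listed range")
    for finding in audit_ingresses(SAMPLE):
        print(*finding[:3], repr(finding[3]))
```

The allow-list is deliberately strict, so a legitimate pattern that uses brace quantifiers is also reported as suspicious and needs a manual look.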

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

News Articles

Ingress NGINX RCE Vulnerability Allows Attackers to Compromise Entire Cluster

A series of remote code execution (RCE) vulnerabilities known as "IngressNightmare" have been discovered in the Ingress NGINX Controller for Kubernetes.


Remote Code Execution Vulnerabilities in Ingress NGINX | Wiz Blog

Wiz Research uncovered RCE vulnerabilities (CVE-2025-1097, 1098, 24514, 1974) in Ingress NGINX for Kubernetes allowing cluster-wide secret access.


CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Public PoC available

  • Vulnerability started trending

  • Exploit known to exist

  • Vulnerability published

  • First article discovered by wiz.io
