Arbitrary Code Execution Vulnerability in Ingress-Nginx Controller of Kubernetes
CVE-2025-1974

9.8CRITICAL

Key Information:

Vendor
Kubernetes
Status
Ingress-nginx
Vendor
CVE Published:
25 March 2025

Badges

📈 Trended📈 Score: 6,050👾 Exploit Exists🟡 Public PoC🟣 EPSS 80%📰 News Worthy

What is CVE-2025-1974?

CVE-2025-1974 is a critical vulnerability within the Ingress-Nginx Controller component of Kubernetes, an open-source platform primarily used for automating the deployment, scaling, and management of containerized applications. This vulnerability allows an unauthenticated attacker who has access to the pod network to execute arbitrary code in the context of the ingress-nginx controller. Given that the controller by default can interact with all cluster-wide Secrets, this vulnerability poses a significant threat, potentially leading to unauthorized access to sensitive data and disruption of services within an organization.

Technical Details

The vulnerability arises from insufficient validation measures within the ingress-nginx controller of Kubernetes. An attacker exploiting this vulnerability would require access to the pod network, where they could execute arbitrary code. This execution capability could be used to manipulate the controller's operations or access sensitive data that is otherwise protected, as the ingress-nginx controller typically has wide-ranging access permissions in the cluster environment.

Potential impact of CVE-2025-1974

  1. Disclosure of Sensitive Information: Attackers could gain access to Secrets managed by the ingress-nginx controller, potentially exposing sensitive data such as credentials, API keys, and other confidential information.

  2. Unauthorized Control of System Resources: Through arbitrary code execution, an attacker could manipulate the Kubernetes environment, affecting the stability and integrity of the services running within the cluster.

  3. Increased Attack Surface: By compromising the ingress-nginx controller, an attacker could pivot to other parts of the organization’s infrastructure, leading to broader attacks and increased risks of further exploitation, especially if integrated with other services.

Affected Version(s)

ingress-nginx 0 <= 1.11.4

ingress-nginx 1.12.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

IngressNightmare-POCs
Created by sandumjacob

nginxnightmare
Created by Esonhugh

CVE-2025-1974
Created by zwxxb

News Articles

favicon imagewww.thestack.technology

The one with Ross and the critical Kubernetes vulnerability

Some 4,500 Kubernetes clusters are exposed to remote exploitation due to "IngressNightmare" and CVE-2025-1974. A working exploit is available.

favicon imageCrowdStrike

Kubernetes IngressNightmare Vulnerabilities | CrowdStrike

Learn how CrowdStrike's security solutions can help identify vulnerable K8s clusters and detect potential exploitation attempts.

favicon imageGBHackers News

PoC Exploit Released for Ingress-NGINX RCE Vulnerabilities

A recently disclosed vulnerability in Ingress-NGINX, tracked as CVE-2025-1974, has raised concerns about the security of Kubernetes environments.

References

https://https://github.com/kubernetes/kubernetes/issues/1...

EPSS Score

80% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 📈

    Vulnerability started trending

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • 📰

    First article discovered by Cybersecurity Dive

  • Vulnerability published

.
CVE-2025-1974 : Arbitrary Code Execution Vulnerability in Ingress-Nginx Controller of Kubernetes | SecurityVulnerability.io