Arbitrary Code Execution Vulnerability in Ingress-Nginx Controller of Kubernetes
CVE-2025-1974
Key Information:
- Vendor
- Kubernetes
- Status
- Ingress-nginx
- Vendor
- CVE Published:
- 25 March 2025
Badges
What is CVE-2025-1974?
CVE-2025-1974 is a critical vulnerability within the Ingress-Nginx Controller component of Kubernetes, an open-source platform primarily used for automating the deployment, scaling, and management of containerized applications. This vulnerability allows an unauthenticated attacker who has access to the pod network to execute arbitrary code in the context of the ingress-nginx controller. Given that the controller by default can interact with all cluster-wide Secrets, this vulnerability poses a significant threat, potentially leading to unauthorized access to sensitive data and disruption of services within an organization.
Technical Details
The vulnerability arises from insufficient validation measures within the ingress-nginx controller of Kubernetes. An attacker exploiting this vulnerability would require access to the pod network, where they could execute arbitrary code. This execution capability could be used to manipulate the controller's operations or access sensitive data that is otherwise protected, as the ingress-nginx controller typically has wide-ranging access permissions in the cluster environment.
Potential impact of CVE-2025-1974
-
Disclosure of Sensitive Information: Attackers could gain access to Secrets managed by the ingress-nginx controller, potentially exposing sensitive data such as credentials, API keys, and other confidential information.
-
Unauthorized Control of System Resources: Through arbitrary code execution, an attacker could manipulate the Kubernetes environment, affecting the stability and integrity of the services running within the cluster.
-
Increased Attack Surface: By compromising the ingress-nginx controller, an attacker could pivot to other parts of the organization’s infrastructure, leading to broader attacks and increased risks of further exploitation, especially if integrated with other services.
Affected Version(s)
ingress-nginx 0 <= 1.11.4
ingress-nginx 1.12.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
Get notified when SecurityVulnerability.io launches alerting 🔔
Well keep you posted 📧
News Articles
GBHackers NewsCVE-2025-1974PoC Exploit Released for Ingress-NGINX RCE Vulnerabilities
A recently disclosed vulnerability in Ingress-NGINX, tracked as CVE-2025-1974, has raised concerns about the security of Kubernetes environments.
2 days ago
Information Security BuzzCVE-2025-1974IngressNightmare: Critical Kubernetes Flaws Put 6,500+ Clusters At Risk
Five critical security vulnerabilities have been found in the Ingress NGINX Controller for Kubernetes, potentially enabling unauthenticated remote code
2 days ago
CyberScoopString of defects in popular Kubernetes component puts 40% of cloud environments at risk
Researchers aren’t aware of active exploitation in the wild, but they warn the risk for publicly exposed and unpatched Ingress Nginx controllers is extremely high.
3 days ago
References
EPSS Score
81% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 📈
Vulnerability started trending
- 🟡
Public PoC available
- 👾
Exploit known to exist
- 📰
First article discovered by Cybersecurity Dive
Vulnerability published