Arbitrary Code Execution Vulnerability in the Kubernetes ingress-nginx Controller
CVE-2025-24514
Key Information:
- Vendor: Kubernetes
- Product: ingress-nginx
- CVE Published: 25 March 2025
What is CVE-2025-24514?
CVE-2025-24514 is a high-severity vulnerability (CVSS 3.1 base score 8.8) in ingress-nginx, the NGINX-based Ingress controller for Kubernetes. The flaw lies in how the controller handles the auth-url Ingress annotation (nginx.ingress.kubernetes.io/auth-url): the annotation value is written into the nginx configuration the controller generates, and insufficient validation lets an attacker who can create or modify an Ingress object inject arbitrary nginx configuration. Injected configuration can lead to arbitrary code execution inside the ingress-nginx controller process and to disclosure of any Secret the controller can read. Because the controller's service account can read all Secrets cluster-wide in the default installation, a successful exploit exposes credentials for the whole cluster, not just the namespace of the malicious Ingress.
Technical Details
CVE-2025-24514 is categorized as an arbitrary code execution vulnerability, reached through configuration injection. The auth-url annotation is meant to enhance security: it points the controller at an external authentication service, and the controller renders the URL into an auth_request configuration block in nginx.conf. Because the value was not validated strictly enough, a value containing nginx configuration metacharacters can terminate the intended directive and append attacker-chosen directives, so the attacker's configuration runs in the context of the ingress-nginx controller. From there, an attacker can read every Secret the controller's service account can reach, which compromises both data confidentiality and the integrity of the cluster. On its own, exploitation requires permission to create or update Ingress objects; the "IngressNightmare" research referenced below chained annotation injections of this kind with a separate admission-controller flaw disclosed at the same time, which removed that prerequisite for exposed controllers.
Potential Impact of CVE-2025-24514
- Arbitrary Code Execution: The primary risk is that an attacker executes arbitrary code on the ingress-nginx controller. This can lead to unauthorized access to or control over the Kubernetes infrastructure, enabling malicious activities such as deploying malware or exfiltrating data.
- Data Breach: Because the ingress-nginx controller can access all Secrets cluster-wide by default, exploitation can disclose sensitive information, including passwords, TLS private keys and API keys. This substantially compromises an organization's security posture and enables further attacks.
- Operational Disruption: The ability to inject configuration and execute malicious code can disrupt the services fronted by the ingress-nginx controller. Such disruptions can cause downtime for critical applications, directly impacting business operations and potentially leading to financial losses.
Affected Version(s)
ingress-nginx <= 1.11.4 (all releases up to and including 1.11.4; fixed in 1.11.5)
ingress-nginx 1.12.0 (fixed in 1.12.1)
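The following script is an added example for the technical details above and the affected-version list; it is not code from the ingress-nginx project or from this page. It does two things a defender wants to do quickly: flag Ingress objects whose auth-url annotation contains nginx configuration metacharacters (a legitimate value is a single URL, so semicolons, braces, '#' or newlines have no benign use there), and decide from a controller image tag whether the running version falls in the affected ranges listed on this page. The sample Ingress list is constructed in the shape of `kubectl get ingress -A -o json`, the metacharacter heuristic and the helper names are assumptions made for this example, and the version ranges are the ones given above.

```python
import json
import re
from urllib.parse import urlparse

AUTH_URL_ANNOTATION = "nginx.ingress.kubernetes.io/auth-url"

# Constructed sample in the shape of `kubectl get ingress -A -o json`; not data from a real cluster.
SAMPLE_INGRESS_LIST = json.dumps({
    "kind": "IngressList",
    "items": [
        {"metadata": {"namespace": "web", "name": "shop",
                      "annotations": {AUTH_URL_ANNOTATION: "https://auth.internal/verify"}}},
        {"metadata": {"namespace": "dev", "name": "scratch",
                      "annotations": {AUTH_URL_ANNOTATION: "http://auth/;\ninclude /tmp/evil.conf;#"}}},
        {"metadata": {"namespace": "default", "name": "plain"}},
    ],
})

# Heuristic chosen for this example: nginx treats ';' as a directive terminator, '{' and '}' as
# block delimiters, '#' as a comment start and newlines/whitespace as separators. None of these
# belong in a URL, so their presence in auth-url indicates a directive break-out attempt.
NGINX_METACHARS = re.compile(r"[;{}#\r\n\s]")


def suspicious_auth_urls(ingress_list_json: str) -> list[tuple[str, str, str]]:
    """Return (namespace, name, annotation value) for every Ingress whose auth-url
    contains nginx metacharacters or is not a plain http(s) URL with a host."""
    findings = []
    for item in json.loads(ingress_list_json).get("items", []):
        meta = item.get("metadata", {})
        value = (meta.get("annotations") or {}).get(AUTH_URL_ANNOTATION)
        if value is None:
            continue
        parsed = urlparse(value)
        if (NGINX_METACHARS.search(value)
                or parsed.scheme not in ("http", "https")
                or not parsed.netloc):
            findings.append((meta.get("namespace", ""), meta.get("name", ""), value))
    return findings


def controller_version_from_image(image: str) -> str:
    """Extract the tag from an image reference such as
    registry.k8s.io/ingress-nginx/controller:v1.11.4@sha256:... -> 'v1.11.4'."""
    ref = image.split("@", 1)[0]              # drop the digest if the image is pinned
    _name, sep, tag = ref.rpartition(":")
    if not sep or "/" in tag:                 # no tag: the ':' belonged to a registry port
        raise ValueError(f"no tag in image reference: {image}")
    return tag


def is_affected(version: str) -> bool:
    """True for the versions listed on this page: every release up to and
    including 1.11.4, plus 1.12.0. Releases 1.11.5 and 1.12.1 carry the fix."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    ver = tuple(int(x) for x in m.groups())
    return ver == (1, 12, 0) or ver <= (1, 11, 4)


if __name__ == "__main__":
    for ns, name, value in suspicious_auth_urls(SAMPLE_INGRESS_LIST):
        print(f"SUSPICIOUS auth-url on {ns}/{name}: {value!r}")
    # Constructed image reference, as it would appear in the controller Deployment.
    image = "registry.k8s.io/ingress-nginx/controller:v1.11.4@sha256:0000"
    tag = controller_version_from_image(image)
    print(f"controller {tag}: {'AFFECTED, upgrade' if is_affected(tag) else 'patched'}")
```

In a live cluster, feed the output of `kubectl get ingress -A -o json` to suspicious_auth_urls and the controller Deployment's image to controller_version_from_image. Treat any flagged annotation as a likely exploitation attempt and preserve the Ingress object for investigation rather than simply deleting it; also review who had write access to Ingress objects in that namespace.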
News Articles
- String of defects in popular Kubernetes component puts 40% of cloud environments at risk. Researchers aren't aware of active exploitation in the wild, but they warn the risk for publicly exposed and unpatched Ingress NGINX controllers is extremely high.
- Ingress NGINX RCE Vulnerability Allows Attackers to Compromise Entire Cluster. A series of remote code execution (RCE) vulnerabilities known as "IngressNightmare" have been discovered in the Ingress NGINX Controller for Kubernetes.
CVSS V3.1: 8.8 (High)
Timeline
- First article discovered by GBHackers News
- Vulnerability published