Multiple vulnerabilities in Ingress-NGINX Controller for Kubernetes
| Risk | Critical |
| Patch available | YES |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2025-1097 CVE-2025-24513 CVE-2025-24514 CVE-2025-1974 CVE-2025-1098 |
| CWE-ID | CWE-264 CWE-22 CWE-20 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #4 is available. |
| Vulnerable software |
Ingress-NGINX Controller for Kubernetes Server applications / Other server solutions |
| Vendor | Kubernetes |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
1) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU105990
Risk: Medium
CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-1097
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists due to an error where the "auth-tls-match-cn" Ingress annotation can be used to inject configuration into nginx. A remote authenticated user can execute arbitrary code in the context of the ingress-nginx controller.
MitigationInstall update from vendor's website.
Vulnerable software versionsIngress-NGINX Controller for Kubernetes: 1.0.0 - 1.12.0
CPE2.3- cpe:2.3:a:kubernetes:ingress-nginx:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:kubernetes:ingress-nginx:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:kubernetes:ingress-nginx:1.0.2:*:*:*:*:*:*:*
https://github.com/kubernetes/kubernetes/issues/131007
https://github.com/kubernetes/ingress-nginx/releases/tag/controller-v1.12.1
https://github.com/kubernetes/ingress-nginx/releases/tag/controller-v1.11.5
https://github.com/advisories/GHSA-823x-fv5p-h7hw
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Path traversal
EUVDB-ID: #VU105989
Risk: Medium
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-24513
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error in the Admission Controller feature. A remote non-authenticated attacker can read certain files on the system or perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsIngress-NGINX Controller for Kubernetes: 1.0.0 - 1.12.0
CPE2.3- cpe:2.3:a:kubernetes:ingress-nginx:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:kubernetes:ingress-nginx:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:kubernetes:ingress-nginx:1.0.2:*:*:*:*:*:*:*
https://github.com/kubernetes/kubernetes/issues/131005
https://github.com/kubernetes/ingress-nginx/releases/tag/controller-v1.12.1
https://github.com/kubernetes/ingress-nginx/releases/tag/controller-v1.11.5
https://github.com/advisories/GHSA-242m-6h72-7hgp
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU105988
Risk: Medium
CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-24514
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists due to an error where the "auth-url" Ingress annotation can be used to inject configuration into nginx. A remote authenticated user can execute arbitrary code in the context of the ingress-nginx controller.
Install update from vendor's website.
Vulnerable software versionsIngress-NGINX Controller for Kubernetes: 1.0.0 - 1.12.0
CPE2.3- cpe:2.3:a:kubernetes:ingress-nginx:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:kubernetes:ingress-nginx:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:kubernetes:ingress-nginx:1.0.2:*:*:*:*:*:*:*
https://github.com/kubernetes/kubernetes/issues/131006
https://github.com/kubernetes/ingress-nginx/releases/tag/controller-v1.12.1
https://github.com/kubernetes/ingress-nginx/releases/tag/controller-v1.11.5
https://github.com/advisories/GHSA-fwwp-xcxw-39vq
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Input validation error
EUVDB-ID: #VU105987
Risk: Critical
CVSSv4.0: 8.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Red]
CVE-ID: CVE-2025-1974
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to an unspecified vulnerability in admission controller. A remote non-authenticated attacker with access to the pod network and execute arbitrary code in the context of the ingress-nginx controller
MitigationInstall update from vendor's website.
Vulnerable software versionsIngress-NGINX Controller for Kubernetes: 1.0.0 - 1.12.0
CPE2.3- cpe:2.3:a:kubernetes:ingress-nginx:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:kubernetes:ingress-nginx:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:kubernetes:ingress-nginx:1.0.2:*:*:*:*:*:*:*
https://github.com/kubernetes/kubernetes/issues/131009
https://github.com/kubernetes/ingress-nginx/releases/tag/controller-v1.12.1
https://github.com/kubernetes/ingress-nginx/releases/tag/controller-v1.11.5
https://github.com/advisories/GHSA-mgvx-rpfc-9mpv
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
5) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU105986
Risk: Medium
CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-1098
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote user to compromise the affected system.
The vulnerability exists due to "mirror-target" and "mirror-host" Ingress annotations can be used to inject arbitrary configuration into nginx. A remote user can execute arbitrary code in the context of the ingress-nginx controller and disclose Secrets accessible to the controller.
MitigationInstall update from vendor's website.
Vulnerable software versionsIngress-NGINX Controller for Kubernetes: 1.0.0 - 1.12.0
CPE2.3- cpe:2.3:a:kubernetes:ingress-nginx:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:kubernetes:ingress-nginx:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:kubernetes:ingress-nginx:1.0.2:*:*:*:*:*:*:*
https://github.com/kubernetes/kubernetes/issues/131008
https://github.com/kubernetes/ingress-nginx/releases/tag/controller-v1.12.1
https://github.com/kubernetes/ingress-nginx/releases/tag/controller-v1.11.5
https://github.com/advisories/GHSA-vg63-w3p9-jc9m
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
