SB2025032478 - Multiple vulnerabilities in Ingress-NGINX Controller for Kubernetes
Published: March 24, 2025
Updated: June 27, 2025
Description
This security bulletin contains information about 5 security vulnerabilities.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2025-1097)
The vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists due to an error where the "auth-tls-match-cn" Ingress annotation can be used to inject configuration into nginx. A remote authenticated user can execute arbitrary code in the context of the ingress-nginx controller.
2) Path traversal (CVE-ID: CVE-2025-24513)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to an input validation error in the Admission Controller feature. A remote non-authenticated attacker can read certain files on the system or perform a denial of service (DoS) attack.
3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2025-24514)
The vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists due to an error where the "auth-url" Ingress annotation can be used to inject configuration into nginx. A remote authenticated user can execute arbitrary code in the context of the ingress-nginx controller.
4) Input validation error (CVE-ID: CVE-2025-1974)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to an unspecified vulnerability in the admission controller. A remote non-authenticated attacker with access to the pod network can execute arbitrary code in the context of the ingress-nginx controller.
5) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2025-1098)
The vulnerability allows a remote user to compromise the affected system.
The vulnerability exists due to an error where the "mirror-target" and "mirror-host" Ingress annotations can be used to inject arbitrary configuration into nginx. A remote user can execute arbitrary code in the context of the ingress-nginx controller and disclose Secrets accessible to the controller.
Remediation
Install the update from the vendor's website.
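The following triage helper is an added example, not code from the bulletin or from the ingress-nginx project. It does two defender-side checks that follow from the text above: it compares a deployed controller version against the fixed releases named in the References (controller-v1.12.1 and controller-v1.11.5; the helper assumes these are the first fixed releases on their branches and that newer branches ship after the fix), and it scans Ingress objects for the annotations the bulletin names as configuration-injection vectors, flagging values that contain nginx directive or comment metacharacters. The annotation keys are assumed to carry the standard nginx.ingress.kubernetes.io/ prefix, the metacharacter test is a heuristic only, and the sample Ingress objects are constructed.

```python
"""Defensive triage helper for the ingress-nginx issues in this bulletin.

Added example, not code from the bulletin or the ingress-nginx project.
Assumptions: the annotations named in the bulletin carry the standard
``nginx.ingress.kubernetes.io/`` prefix, and ``controller-v1.12.1`` /
``controller-v1.11.5`` (from the References) are the first fixed releases
on their branches. Sample Ingress objects below are constructed.
"""
import re

ANNOTATION_PREFIX = "nginx.ingress.kubernetes.io/"
# Annotations the bulletin names as configuration-injection vectors.
RISKY_ANNOTATIONS = {
    "auth-tls-match-cn",  # CVE-2025-1097
    "auth-url",           # CVE-2025-24514
    "mirror-target",      # CVE-2025-1098
    "mirror-host",        # CVE-2025-1098
}
# Characters that end or open nginx directives/blocks or start a comment;
# their presence in an annotation value is a heuristic signal only.
INJECTION_CHARS = re.compile(r"[\r\n;{}#]")

# (major, minor) branch -> first fixed patch level, from the References.
FIXED_RELEASES = {(1, 11): 5, (1, 12): 1}


def parse_version(tag):
    """'controller-v1.12.0' / 'v1.11.5' / '1.12.1' -> (1, 12, 0)."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", tag)
    if not m:
        raise ValueError(f"unrecognised version tag: {tag!r}")
    return tuple(int(x) for x in m.groups())


def is_fixed(tag):
    """True if the tag is at or above the fixed release for its branch."""
    major, minor, patch = parse_version(tag)
    branch = (major, minor)
    if branch in FIXED_RELEASES:
        return patch >= FIXED_RELEASES[branch]
    # Assumption: branches newer than those listed ship after the fix;
    # older branches have no fixed release in the bulletin's references.
    return branch > max(FIXED_RELEASES)


def flag_ingress(ingress):
    """Return (namespace/name, annotation, reason) tuples worth a review."""
    meta = ingress.get("metadata", {})
    ident = f"{meta.get('namespace', 'default')}/{meta.get('name', '?')}"
    findings = []
    for key, value in (meta.get("annotations") or {}).items():
        if not key.startswith(ANNOTATION_PREFIX):
            continue
        short = key[len(ANNOTATION_PREFIX):]
        if short not in RISKY_ANNOTATIONS:
            continue
        if INJECTION_CHARS.search(str(value)):
            findings.append((ident, short, "contains nginx config metacharacters"))
        else:
            findings.append((ident, short, "uses an annotation named in the bulletin"))
    return findings


def triage(controller_tag, ingresses):
    """Combine the version check with the annotation scan."""
    findings = []
    if not is_fixed(controller_tag):
        findings.append(("controller", controller_tag, "below fixed release; upgrade"))
    for ing in ingresses:
        findings.extend(flag_ingress(ing))
    return findings


# Constructed sample data (not from any real cluster).
SAMPLE_INGRESSES = [
    {"metadata": {"name": "shop", "namespace": "prod", "annotations": {
        ANNOTATION_PREFIX + "auth-url": "https://auth.internal/check",
    }}},
    {"metadata": {"name": "odd", "namespace": "dev", "annotations": {
        ANNOTATION_PREFIX + "mirror-host": "example.invalid;\n# trailing",
    }}},
    {"metadata": {"name": "plain", "namespace": "dev", "annotations": {
        ANNOTATION_PREFIX + "rewrite-target": "/",
    }}},
]

if __name__ == "__main__":
    for finding in triage("controller-v1.12.0", SAMPLE_INGRESSES):
        print(*finding, sep="\t")
```

In practice the Ingress list would come from `kubectl get ingress -A -o json` and the controller tag from the controller Deployment's image; the scan reports every use of the named annotations, not only suspicious values, because on an unpatched controller any of them is a reason to prioritise the upgrade.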
References
- https://github.com/kubernetes/kubernetes/issues/131007
- https://github.com/kubernetes/ingress-nginx/releases/tag/controller-v1.12.1
- https://github.com/kubernetes/ingress-nginx/releases/tag/controller-v1.11.5
- https://github.com/advisories/GHSA-823x-fv5p-h7hw
- https://github.com/kubernetes/kubernetes/issues/131005
- https://github.com/advisories/GHSA-242m-6h72-7hgp
- https://github.com/kubernetes/kubernetes/issues/131006
- https://github.com/advisories/GHSA-fwwp-xcxw-39vq
- https://github.com/kubernetes/kubernetes/issues/131009
- https://github.com/advisories/GHSA-mgvx-rpfc-9mpv
- https://github.com/kubernetes/kubernetes/issues/131008
- https://github.com/advisories/GHSA-vg63-w3p9-jc9m