#VU105986 Permissions, Privileges, and Access Controls in Ingress-NGINX Controller for Kubernetes - CVE-2025-1098

Cybersecurity Help s.r.o.

Published: 2025-03-24 | Updated: 2025-03-25

Vulnerability identifier: #VU105986

Vulnerability risk: Medium

CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-1098

CWE-ID: CWE-264

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Ingress-NGINX Controller for Kubernetes
Server applications / Other server solutions

Vendor: Kubernetes

Description

The vulnerability allows a remote user to compromise the affected system.

The vulnerability exists due to "mirror-target" and "mirror-host" Ingress annotations can be used to inject arbitrary configuration into nginx. A remote user can execute arbitrary code in the context of the ingress-nginx controller and disclose Secrets accessible to the controller.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Ingress-NGINX Controller for Kubernetes: 1.0.0 - 1.12.0

External links
https://github.com/kubernetes/kubernetes/issues/131008
https://github.com/kubernetes/ingress-nginx/releases/tag/controller-v1.12.1
https://github.com/kubernetes/ingress-nginx/releases/tag/controller-v1.11.5
https://github.com/advisories/GHSA-vg63-w3p9-jc9m

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Ingress-NGINX Controller for Kubernetes