#VU105990 Permissions, Privileges, and Access Controls in Ingress-NGINX Controller for Kubernetes - CVE-2025-1097

Cybersecurity Help s.r.o.

Published: 2025-03-24 | Updated: 2025-03-25

Vulnerability identifier: #VU105990

Vulnerability risk: Medium

CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-1097

CWE-ID: CWE-264

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Ingress-NGINX Controller for Kubernetes
Server applications / Other server solutions

Vendor: Kubernetes

Description

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to an error where the "auth-tls-match-cn" Ingress annotation can be used to inject configuration into nginx. A remote authenticated user can execute arbitrary code in the context of the ingress-nginx controller.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Ingress-NGINX Controller for Kubernetes: 1.0.0 - 1.12.0

External links
https://github.com/kubernetes/kubernetes/issues/131007
https://github.com/kubernetes/ingress-nginx/releases/tag/controller-v1.12.1
https://github.com/kubernetes/ingress-nginx/releases/tag/controller-v1.11.5
https://github.com/advisories/GHSA-823x-fv5p-h7hw

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Ingress-NGINX Controller for Kubernetes