Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication

2025-03-24 18:55
A set of five critical security shortcomings has been disclosed in the Ingress NGINX Controller for Kubernetes that could result in unauthenticated remote code execution, putting over 6,500 clusters at immediate risk by exposing the component to the public internet. The vulnerabilities (CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, and CVE-2025-1974), assigned a CVSS score of
News URL
https://thehackernews.com/2025/03/critical-ingress-nginx-controller.html