Security News > 2025 > March > Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication

Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication
2025-03-24 18:55

A set of five critical security shortcomings have been disclosed in the Ingress NGINX Controller for Kubernetes that could result in unauthenticated remote code execution, putting over 6,500 clusters at immediate risk by exposing the component to the public internet. The vulnerabilities (CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, and CVE-2025-1974 ), assigned a CVSS score of


News URL

https://thehackernews.com/2025/03/critical-ingress-nginx-controller.html

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2025-03-25 CVE-2025-24514 A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx.
0.0
0.0
2025-03-25 CVE-2025-24513 A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container.
0.0
0.0
2025-03-25 CVE-2025-1974 A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller.
0.0
0.0
2025-03-25 CVE-2025-1098 A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx.
0.0
0.0
2025-03-25 CVE-2025-1097 A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx.
0.0
0.0

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Nginx 2 0 3 1 4 8