By: RedLegg's Cyber Threat Intelligence Team
RedLegg occasionally communicates vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats that we classify at the highest severity level and that warrant out-of-band emergency patching or mitigation action.
VULNERABILITIES:
IngressNightmare – Remote Code Execution Vulnerabilities in Ingress NGINX Controller for Kubernetes
CVSS Scores:
CVE-2025-1097: 8.8 (High)
CVE-2025-1098: 8.8 (High)
CVE-2025-24514: 8.8 (High)
CVE-2025-1974: 9.8 (Critical)
Identifiers: CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, CVE-2025-1974
Exploit or Proof of Concept (PoC): A proof of concept relating to this vulnerability was published yesterday: https://github.com/hakaioffsec/IngressNightmare-PoC
Update: The Kubernetes Security Response Committee has released patches addressing these vulnerabilities (https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974).
Description: The IngressNightmare vulnerabilities affect the Ingress NGINX Controller for Kubernetes, a widely used ingress controller that facilitates external access to services within a Kubernetes cluster. These vulnerabilities arise from improper handling of specific annotations and configurations, allowing attackers to inject malicious configurations into NGINX. Exploitation can lead to unauthorized access to sensitive data and potential cluster takeover. Notably, CVE-2025-1974 enables unauthenticated remote code execution via the admission controller component, posing a critical risk to affected environments.
Mitigation Recommendation: Administrators are strongly advised to upgrade to Ingress NGINX Controller versions 1.12.1 or 1.11.5, which contain fixes for these vulnerabilities. If immediate upgrading is not feasible, consider disabling the admission controller component and ensuring it is not exposed externally. Implementing strict network policies to limit access to the admission controller can also mitigate risk.
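To find controllers that still need the upgrade recommended above, the following added example (not RedLegg's or the Kubernetes project's code) classifies ingress-nginx image tags against the fixed releases 1.11.5 and 1.12.1. The pod names, sample images, the `app.kubernetes.io/name=ingress-nginx` label selector and the treatment of releases later than 1.12.1 as fixed are assumptions.

```shell
# Added example: classify ingress-nginx image tags against the fixed releases (1.11.5, 1.12.1).
# Status 0 = patched, 1 = vulnerable, 2 = tag is not an x.y.z version.
# Assumption: releases later than 1.12.1 also carry the fixes.
is_patched() {
    v=${1#v}
    case "$v" in *.*.*) ;; *) return 2 ;; esac
    major=${v%%.*}; rest=${v#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    patch=${patch%%[!0-9]*}            # drop suffixes such as "-beta.0"
    for n in "$major" "$minor" "$patch"; do
        case "$n" in ''|*[!0-9]*) return 2 ;; esac
    done
    if [ "$major" -gt 1 ]; then return 0; fi
    if [ "$major" -lt 1 ]; then return 1; fi
    if [ "$minor" -gt 12 ]; then return 0; fi
    if [ "$minor" -eq 12 ]; then [ "$patch" -ge 1 ]; return; fi
    if [ "$minor" -eq 11 ]; then [ "$patch" -ge 5 ]; return; fi
    return 1
}

# Print the tag of an image reference, ignoring any "@sha256:..." digest.
image_version() {
    ref=${1%%@*}; tag=${ref##*:}
    [ "$tag" != "$ref" ] && printf '%s\n' "$tag"
}

# Read "namespace/pod image" lines; non-zero status if any is not patched.
audit_images() {
    bad=0
    while read -r pod image; do
        [ -n "$pod" ] || continue
        ver=$(image_version "$image") || ver=
        if is_patched "$ver"; then verdict=PATCHED
        else
            case $? in 1) verdict=VULNERABLE ;; *) verdict=UNKNOWN ;; esac
            bad=1
        fi
        printf '%-10s %s %s\n' "$verdict" "$pod" "$image"
    done
    return "$bad"
}

# Constructed sample; live input (label selector is an assumption):
#   kubectl get pods -A -l app.kubernetes.io/name=ingress-nginx -o jsonpath='{range .items[*]}{.metadata.namespace}/{.metadata.name} {.spec.containers[0].image}{"\n"}{end}'
SAMPLE='ingress-nginx/ctrl-a registry.k8s.io/ingress-nginx/controller:v1.11.3
ingress-nginx/ctrl-b registry.k8s.io/ingress-nginx/controller:v1.12.1@sha256:PLACEHOLDER
edge/ctrl-c registry.k8s.io/ingress-nginx/controller:v1.12.0
edge/ctrl-d example.local/ingress-nginx/controller:latest'
printf '%s\n' "$SAMPLE" | audit_images || echo 'Action required: upgrade to 1.11.5 or 1.12.1, or apply the mitigations'
```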
Note: Given the critical nature of these vulnerabilities and the potential for cluster compromise, prompt action is essential to secure Kubernetes environments.