CVE-2025-1974
Kubernetes Ingress NGINX Remote Code Execution Vulnerability
A security vulnerability in Kubernetes exists under certain conditions where an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of secrets accessible to the controller. Unauthenticated attackers can exploit this vulnerability to execute arbitrary code leading to system compromise.
Mitigations
- Update to the latest version of Ingress NGINX Controller.
- Ensure the admission webhook endpoint is not exposed externally.
- Enforce strict network policies so only the Kubernetes API Server can access the admission controller.
- Temporarily disable the admission controller component of Ingress-NGINX if you cannot upgrade right away.
Rapid Response N-Day Testing

๐ Third party technical blog
๐ Ingress-nginx CVE-2025-1974: What You Need to Know | Kubernetes
๐ Security Update Guide – Microsoft Security Response CenterLยฎ
๐ CVE-2025-1974: ingress-nginx admission controller RCE escalation
๐ Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication L
๐ ‘IngressNightmare’ Vulns Imperil Kubernetes Environments
๐ NIST Detail