CVE-2025-1974

Kubernetes Ingress NGINX Remote Code Execution Vulnerability

A security vulnerability in Kubernetes exists under certain conditions where an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of secrets accessible to the controller. Unauthenticated attackers can exploit this vulnerability to execute arbitrary code leading to system compromise.

Mitigations

  • Update to the latest version of Ingress NGINX Controller.
  • Ensure the admission webhook endpoint is not exposed externally.
  • Enforce strict network policies so only the Kubernetes API Server can access the admission controller.
  • Temporarily disable the admission controller component of Ingress-NGINX if you cannot upgrade right away.

Rapid Response N-Day Testing

Run the Test Now

🔗 Third party technical blog

🔗 Ingress-nginx CVE-2025-1974: What You Need to Know | Kubernetes

🔗 Security Update Guide – Microsoft Security Response CenterL®

🔗 CVE-2025-1974: ingress-nginx admission controller RCE escalation

🔗 Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication L

🔗 ‘IngressNightmare’ Vulns Imperil Kubernetes Environments

🔗 NIST Detail

Read about other CVEs

CVE-2024-23108

Fortinet FortiSIEM 2nd Order Command Injection

Read More

CVE-2023-43208

NextGen Mirth Connect Pre-Auth RCE

Read More

CVE-2023-34992

Fortinet FortiSIEM Command Injection

Read More

NodeZero® Platform

Implement a continuous find, fix, and verify loop with NodeZero

The NodeZero® platform empowers your organization to reduce your security risks by autonomously finding exploitable weaknesses in your network, giving you detailed guidance around how to priortize and fix them, and having you immediately verify that your fixes are effective.
Explore NodeZero

Recognized By