Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2025-1097 — Improper Input Validation in Ingress-nginx
Severity
8.8HIGHNVD
EPSS
20.8%
top 4.39%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedMar 25
Latest updateFeb 4
Description
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9
Affected Packages2 packages
🔴Vulnerability Details
4OSV▶
ngress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation in k8s.io/ingress-nginx↗2025-03-25
GHSA▶
ngress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation↗2025-03-25
OSV▶
ngress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation↗2025-03-25
CVEList▶
ingress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation↗2025-03-24
💥Exploits & PoCs
2Nuclei▶
Ingress-Nginx Controller - Configuration Injection via Unsanitized `auth-tls-match-cn` Annotation
🔍Detection Rules
1Suricata▶
ET WEB_SERVER Kubernetes Ingress NGINX Controller auth-tls-match-cn Annotation Injection (CVE-2025-1097)↗2025-03-25
📋Vendor Advisories
4Red Hat▶
ingress-nginx: ingress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation↗2025-03-24