cbcvebase.
CVE-2025-1097
published 2025-03-25


Priority: P273 (high), CVSS 3.1 base score 8.8
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploit: public exploit available
EPSS: 34.68% (percentile 98.2)
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)

Affected (5 ranges)

Vendor      | Product                   | Version range                   | Fixed in
k8s.io      | ingress-nginx             | >= 0, < 1.11.5                  | 1.11.5
k8s.io      | ingress-nginx             | >= 1.12.0-beta.0, < 1.12.1      | 1.12.1
kubernetes  | ingress-nginx             | <= 1.11.4                       |
kubernetes  | ingress-nginx             |                                 |
msrc        | azure_kubernetes_service  |                                 |

Detection & IOCs (extracted from sources)

command: POST / HTTP/1.1 Host: {{Hostname}} Content-Type: application/json {"kind":"AdmissionReview","apiVersion":"admission.k8s.io/v1","request":{"uid":"{{string}}","kind":{"group":"networking.k8s.io","version":"v1","kind":"Ingress"},"resource":{"group":"networking.k8s.io","version":"v1","resource":"ingresses"},"namespace":"default","operation":"CREATE","userInfo":{"username":"admin"},"object":{"apiVersion":"networking.k8s.io/v1","kind":"Ingress","metadata":{"name":"{{string}}-auth-tls","namespace":"default","annotations":{"nginx.ingress.kubernetes.io/auth-tls-match-cn":"CN=abc #(\n){}\n }}\nssl_engine /aaa;\n#","nginx.ingress.kubernetes.io/auth-tls-secret":"{{secrets}}"}},"spec":{"ingressClassName":"nginx","rules":[{"host":"test.local","http":{"paths":[{"path":"/","pathType":"Prefix","backend":{"service":{"name":"dummy","port":{"number":80}}}}]}}]}}}}
port: 8443
filename: evil_engine.so
url: /admission
ua: qmx-ingress-exploiter
yara: id: CVE-2025-1097 — Nuclei template matching 'AdmissionReview' AND 'could not load the shared library' in HTTP response body
  • Hunt for anomalous processes spawned from the ingress-nginx controller pod, specifically nginx processes with '-t' and 'nginx-cfg' in the command line, which indicate configuration validation being triggered by a potentially injected config.
  • Hunt for Behavioral Indicators in the ingress-nginx namespace or from containers with the ingress-nginx/controller image to detect exploitation activity.
  • Monitor outbound IP connections originating from the ingress-nginx namespace or ingress-nginx/controller containers to detect potential reverse shells or C2 beaconing post-exploitation.
  • Detect exploitation attempts by looking for HTTP POST requests to the admission controller endpoint containing the 'auth-tls-match-cn' annotation with newline injection characters (e.g., CN=abc #(\n){}\n ssl_engine).
  • Flag HTTP responses from the admission controller that contain both 'AdmissionReview' and 'could not load the shared library', which indicates a successful ssl_engine injection probe.
  • Alert on anomalous library loads within the ingress-nginx controller pod, as the exploit compiles and uploads a malicious shared object (evil_engine.so) that is loaded via the ssl_engine NGINX directive.
  • Detect exploit tool fingerprint: HTTP requests to the ingress with User-Agent 'qmx-ingress-exploiter' and Content-Type 'application/octet-stream' with a mismatched (inflated) Content-Length, used to keep the socket open for FD brute-forcing.
  • Detect brute-force FD path traversal attempts: repeated POST requests to the /admission endpoint containing /proc/<pid>/fd/<n> paths in the AdmissionReview payload, indicating FD injection attempts.
  • The admission controller is unauthenticated by default, meaning any pod within the cluster network can send arbitrary AdmissionReview requests directly to it without credentials — no prior authentication bypass is needed.
  • In the default ingress-nginx installation, the controller's service account has cluster-wide read access to all Secrets, meaning successful RCE immediately yields all cluster secrets across all namespaces.
  • The Nuclei detection template targets port 8443 with SSL certificate containing 'ingress-nginx', which is the default admission webhook listener; non-default port configurations will not be caught by this query.
  • The exploit's FD brute-force approach iterates /proc/<1–50>/fd/<3–30> by default; detection rules based on fixed PID/FD ranges may miss variants using wider ranges.
  • The exploit uses a fake (inflated by 10 bytes) Content-Length header to keep the TCP connection open while the FD brute-force runs concurrently; detection based solely on Content-Length mismatch may produce false positives in other contexts.
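As an added defender-side example (not code from the page's sources or from the ingress-nginx project), the following Python checker applies two of the detection ideas listed above to a request body captured at the admission webhook: nginx configuration syntax inside the `auth-tls-match-cn` annotation, and `/proc/<pid>/fd/<n>` paths anywhere in the submitted Ingress object. The sample bodies are constructed for the test; the annotation value in the second one is the injection pattern quoted in the IOC list.

```python
import json
import re

# Annotation whose value ingress-nginx interpolates into the generated nginx config.
AUTH_TLS_MATCH_CN = "nginx.ingress.kubernetes.io/auth-tls-match-cn"

# A legitimate auth-tls-match-cn value is a CN match expression; newlines,
# comment markers, statement terminators or braces are nginx config syntax.
SUSPICIOUS_CN_CHARS = re.compile(r"[\n\r;#{}]")
# FD brute-force marker from the IOC list: /proc/<pid>/fd/<n> paths.
PROC_FD_PATH = re.compile(r"/proc/\d+/fd/\d+")


def inspect_admission_review(raw_body: str) -> list[str]:
    """Return findings for one AdmissionReview body; flags only, never blocks."""
    try:
        review = json.loads(raw_body)
    except json.JSONDecodeError:
        return ["body is not valid JSON"]
    obj = review.get("request", {}).get("object", {})
    if obj.get("kind") != "Ingress":
        return []
    findings = []
    cn_value = obj.get("metadata", {}).get("annotations", {}).get(AUTH_TLS_MATCH_CN)
    if cn_value is not None and SUSPICIOUS_CN_CHARS.search(cn_value):
        findings.append(f"{AUTH_TLS_MATCH_CN} carries nginx config syntax: {cn_value!r}")
    if cn_value is not None and "ssl_engine" in cn_value:
        findings.append("ssl_engine directive in annotation (shared-object load attempt)")
    # FD paths can sit in any field of the object, so scan its serialized form.
    fd_hits = sorted(set(PROC_FD_PATH.findall(json.dumps(obj))))
    if fd_hits:
        findings.append(f"/proc fd paths in Ingress object: {fd_hits}")
    return findings


def sample_review(cn_value: str) -> str:
    """Constructed AdmissionReview body (not captured traffic) for exercising the checker."""
    return json.dumps({"kind": "AdmissionReview", "apiVersion": "admission.k8s.io/v1",
        "request": {"operation": "CREATE", "object": {
            "apiVersion": "networking.k8s.io/v1", "kind": "Ingress",
            "metadata": {"name": "demo", "namespace": "default",
                         "annotations": {AUTH_TLS_MATCH_CN: cn_value}}}}})


# Constructed inputs: a benign CN match and the injection pattern from the IOC list.
BENIGN_BODY = sample_review("CN=client.example.com")
INJECTED_BODY = sample_review("CN=abc #(\n){}\n }}\nssl_engine /aaa;\n#")
```

Run the checker over bodies logged by a proxy or sidecar in front of the webhook (default port 8443); the regex is deliberately broad, so tune `SUSPICIOUS_CN_CHARS` against the CN values your own Ingress objects legitimately use.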

CVSS provenance

Source         | CVSS version | Score | Severity | Vector
nvd            | v3.1         | 8.8   | HIGH     | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_msrc    |              | 8.8   | HIGH     |
vendor_redhat  |              | 8.8   | HIGH     |