Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2025-1098Improper Input Validation in Ingress-nginx

CWE-20Improper Input ValidationCWE-15External Control of System or Configuration Setting13 documents11 sources
Severity
8.8HIGHNVD
EPSS
33.7%
top 3.05%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
K8s.io Ingress-nginxKubernetes Ingress-nginx
Timeline
PublishedMar 25
Latest updateFeb 4

Description

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5kubernetes/ingress-nginx1.11.4+1
Gok8s.io/ingress-nginx1.12.0-beta.01.12.1+1

🔴Vulnerability Details

4
OSV
ingress-nginx controller - configuration injection via unsanitized mirror annotations in k8s.io/ingress-nginx2025-03-25
GHSA
ingress-nginx controller - configuration injection via unsanitized mirror annotations2025-03-25
OSV
ingress-nginx controller - configuration injection via unsanitized mirror annotations2025-03-25
CVEList
ingress-nginx controller - configuration injection via unsanitized mirror annotations2025-03-24

💥Exploits & PoCs

2
Exploit-DB
Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE2026-02-04
Nuclei
Ingress-Nginx Controller - Configuration Injection via Unsanitized Mirror Annotations

🔍Detection Rules

1
Suricata
ET WEB_SERVER Kubernetes Ingress NGINX Controller mirror UID Injection (CVE-2025-1098)2025-03-25

📋Vendor Advisories

2
Red Hat
ingress-nginx: ingress-nginx controller - configuration injection via unsanitized mirror annotations2025-03-24
Microsoft
Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller2025-03-11

🕵️Threat Intelligence

2
Wiz
CVE-2025-1974: The IngressNightmare in Kubernetes | Wiz Blog2025-03-24
Wiz
CVE-2025-1974: The IngressNightmare in Kubernetes | Wiz Blog2025-03-24
CVE-2025-1098 — Improper Input Validation | cvebase