CVE-2025-1098
published 2025-03-25CVE-2025-1098: A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `mirror-target` and `mirror-host` Ingress annotations…
PriorityP277high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EXPLOIT
EPSS
83.07%
99.6th percentile
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| k8s.io | ingress-nginx | >= 0 < 1.11.5 | 1.11.5 |
| k8s.io | ingress-nginx | >= 1.12.0-beta.0 < 1.12.1 | 1.12.1 |
| kubernetes | ingress-nginx | <= 1.11.4 | — |
| kubernetes | ingress-nginx | — | — |
| msrc | azure_kubernetes_service | — | — |
Detection & IOCsextracted from sources · hover to see the quote
sigma↗
event.type = 'Behavioral Indicators' and (k8sCluster.namespace='ingress-nginx' or k8sCluster.containerImage contains 'ingress-nginx/controller')
sigma↗
(k8sCluster.namespace='ingress-nginx' or k8sCluster.containerImage contains 'ingress-nginx/controller') event.type = 'IP Connect' event.network.direction='OUTGOING'
sigma↗
dataSource.name = 'SentinelOne' and endpoint.os = 'linux' and tgt.process.name = 'nginx' and tgt.process.cmdline contains 'nginx-cfg' and tgt.process.cmdline contains ' -t'
- →Monitor for unauthenticated POST requests carrying AdmissionReview JSON bodies sent directly to the admission controller endpoint (port 8443) from pods within the cluster, bypassing the Kubernetes API server. ↗
- →Alert on nginx process invocations with both 'nginx-cfg' and '-t' in the command line, which indicates the configuration validation step being triggered — the point of exploitation. ↗
- →Detect anomalous outbound IP connections originating from the ingress-nginx namespace or containers, which may indicate post-exploitation reverse shell or data exfiltration activity. ↗
- →Detect injection attempts by looking for AdmissionReview requests where the metadata UID field contains newline characters or nginx directives such as 'load_module'. ↗
- →Flag AdmissionReview responses containing both 'AdmissionReview' and 'load_module' alongside the error string 'directive is specified too late', which confirms successful config injection. ↗
- →Hunt for the User-Agent string 'qmx-ingress-exploiter' in HTTP logs, which is used by the public exploit to upload the malicious shared object to the ingress endpoint. ↗
- →Detect creation or loading of shared object files (*.so) from unexpected paths within the ingress-nginx controller pod, particularly files named 'evil_engine.so' or loaded via /proc/PID/fd/ paths. ↗
- →Use Shodan or equivalent internet-scanning tools to identify exposed ingress-nginx admission controllers by querying for SSL certificate containing 'ingress-nginx' on port 8443. ↗
- →Monitor for the presence of the 'nginx.ingress.kubernetes.io/mirror-target' or 'nginx.ingress.kubernetes.io/mirror-host' annotations in ingress objects submitted to the admission controller, especially with values containing special characters or newlines. ↗
- ·By default, the ingress-nginx admission controller is accessible over the network without authentication, making it reachable from any pod in the cluster without credentials. ↗
- ·In the default installation, the ingress-nginx controller runs with a Kubernetes role that grants access to all Secrets cluster-wide, maximizing the blast radius of exploitation. ↗
- ·Disabling the admission webhook (controller.admissionWebhooks.enabled=false) is a temporary mitigation but removes important safeguards for Ingress configurations; it must be re-enabled after patching. ↗
- ·The exploit brute-forces /proc/PID/fd/ file descriptors to locate the uploaded malicious shared object in memory, meaning the attack does not require writing to disk in a persistent manner. ↗
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_msrc8.8HIGH
vendor_redhat8.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Siemens Insights Hub Private Cloud
cisa_ics·2025-04-10·CVSS 8.8
[HIGH] Siemens Insights Hub Private Cloud
ICS Advisory
##
Siemens Insights Hub Private Cloud
Release DateApril 10, 2025
Alert CodeICSA-25-100-05
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: Insights Hub Private Cloud
- Vulnerabilities: Improper Input Validation, Improper Isolation or Compartmentalization
## 2. RI
Red Hat
ingress-nginx: ingress-nginx controller - configuration injection via unsanitized mirror annotations
vendor_redhat·2025-03-24·CVSS 8.8
CVE-2025-1098 [HIGH] CWE-20 ingress-nginx: ingress-nginx controller - configuration injection via unsanitized mirror annotations
ingress-nginx: ingress-nginx controller - configuration injection via unsanitized mirror annotations
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
A flaw was found in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This issue can lead to arbitrary code execu
Microsoft
Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
vendor_msrc·2025-03-11·CVSS 8.8
CVE-2025-1098 [HIGH] Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
Description: Ingress Controllers play a critical role within Kubernetes clusters by enabling the functionality of Ingress resources.
Azure Kubernetes Service (AKS) is aware of several security vulnerabilities affecting the Kubernetes ingress-nginx controller, including CVE-2025-1098, CVE-2025-1974, CVE-2025-1097, CVE-2025-24514, and CVE-2025-24513.
Customers running this controller on their AKS clusters are advised to update to the latest patched versions (v1.11.5 and v1.12.1) to mitigate potential risks.
FAQ: Why are we publishing this Kubernetes CVE in the Security Update Guide?
We are republishing these CVEs because on March 24, 2025, the Kubernetes SRC (Security Response Committee) published 5 CVEs that disclose vulnera
Microsoft
Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
vendor_msrc·2025-03-11·CVSS 8.8
CVE-2025-24514 [HIGH] Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
Description: Ingress Controllers play a critical role within Kubernetes clusters by enabling the functionality of Ingress resources.
Azure Kubernetes Service (AKS) is aware of several security vulnerabilities affecting the Kubernetes ingress-nginx controller, including CVE-2025-1098, CVE-2025-1974, CVE-2025-1097, CVE-2025-24514, and CVE-2025-24513.
Customers running this controller on their AKS clusters are advised to update to the latest patched versions (v1.11.5 and v1.12.1) to mitigate potential risks.
FAQ: Why are we publishing this Kubernetes CVE in the Security Update Guide?
We are republishing these CVEs because on March 24, 2025, the Kubernetes SRC (Security Response Committee) published 5 CVEs that disclose vulnera
Microsoft
Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
vendor_msrc·2025-03-11·CVSS 8.8
CVE-2025-24513 [HIGH] Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
Description: Ingress Controllers play a critical role within Kubernetes clusters by enabling the functionality of Ingress resources.
Azure Kubernetes Service (AKS) is aware of several security vulnerabilities affecting the Kubernetes ingress-nginx controller, including CVE-2025-1098, CVE-2025-1974, CVE-2025-1097, CVE-2025-24514, and CVE-2025-24513.
Customers running this controller on their AKS clusters are advised to update to the latest patched versions (v1.11.5 and v1.12.1) to mitigate potential risks.
FAQ: Why are we publishing this Kubernetes CVE in the Security Update Guide?
We are republishing these CVEs because on March 24, 2025, the Kubernetes SRC (Security Response Committee) published 5 CVEs that disclose vulnera
Microsoft
Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
vendor_msrc·2025-03-11·CVSS 8.8
CVE-2025-1974 [HIGH] Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
Description: Ingress Controllers play a critical role within Kubernetes clusters by enabling the functionality of Ingress resources.
Azure Kubernetes Service (AKS) is aware of several security vulnerabilities affecting the Kubernetes ingress-nginx controller, including CVE-2025-1098, CVE-2025-1974, CVE-2025-1097, CVE-2025-24514, and CVE-2025-24513.
Customers running this controller on their AKS clusters are advised to update to the latest patched versions (v1.11.5 and v1.12.1) to mitigate potential risks.
FAQ: Why are we publishing this Kubernetes CVE in the Security Update Guide?
We are republishing these CVEs because on March 24, 2025, the Kubernetes SRC (Security Response Committee) published 5 CVEs that disclose vulnera
Microsoft
Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
vendor_msrc·2025-03-11·CVSS 8.8
CVE-2025-1097 [HIGH] Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
Description: Ingress Controllers play a critical role within Kubernetes clusters by enabling the functionality of Ingress resources.
Azure Kubernetes Service (AKS) is aware of several security vulnerabilities affecting the Kubernetes ingress-nginx controller, including CVE-2025-1098, CVE-2025-1974, CVE-2025-1097, CVE-2025-24514, and CVE-2025-24513.
Customers running this controller on their AKS clusters are advised to update to the latest patched versions (v1.11.5 and v1.12.1) to mitigate potential risks.
FAQ: Why are we publishing this Kubernetes CVE in the Security Update Guide?
We are republishing these CVEs because on March 24, 2025, the Kubernetes SRC (Security Response Committee) published 5 CVEs that disclose vulnera
OSV
ingress-nginx controller - configuration injection via unsanitized mirror annotations in k8s.io/ingress-nginx
osv·2025-03-25
CVE-2025-1098 ingress-nginx controller - configuration injection via unsanitized mirror annotations in k8s.io/ingress-nginx
ingress-nginx controller - configuration injection via unsanitized mirror annotations in k8s.io/ingress-nginx
ingress-nginx controller - configuration injection via unsanitized mirror annotations in k8s.io/ingress-nginx.
NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.
(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)
The additional affected modules and versions are: k8s.io/ingress-nginx before v1.11.5, from v1.12.0-beta.0 before v1.12.1.
GHSA
ingress-nginx controller - configuration injection via unsanitized mirror annotations
ghsa·2025-03-25
CVE-2025-1098 [HIGH] CWE-15 ingress-nginx controller - configuration injection via unsanitized mirror annotations
ingress-nginx controller - configuration injection via unsanitized mirror annotations
A security issue was discovered in [ingress-nginx](https://github.com/kubernetes/ingress-nginx) where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
OSV
ingress-nginx controller - configuration injection via unsanitized mirror annotations
osv·2025-03-25
CVE-2025-1098 [HIGH] ingress-nginx controller - configuration injection via unsanitized mirror annotations
ingress-nginx controller - configuration injection via unsanitized mirror annotations
A security issue was discovered in [ingress-nginx](https://github.com/kubernetes/ingress-nginx) where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
Suricata
ET WEB_SERVER Kubernetes Ingress NGINX Controller mirror UID Injection (CVE-2025-1098)
suricata·2025-03-25·CVSS 8.8
CVE-2025-1098 [HIGH] ET WEB_SERVER Kubernetes Ingress NGINX Controller mirror UID Injection (CVE-2025-1098)
ET WEB_SERVER Kubernetes Ingress NGINX Controller mirror UID Injection (CVE-2025-1098)
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SERVER Kubernetes Ingress NGINX Controller mirror UID Injection (CVE-2025-1098)"; flow:established,to_server; http.method; content:"POST"; http.content_type; content:"application/json"; http.request_body; content:"|22|admission.k8s.io/v1|22 2c|"; content:"|22|uid|22 3a|"; pcre:"/^\s*?\x22[^\x22]*?(?:\\n|[\x23\x3b])/R"; content:"|22|nginx.ingress.kubernetes.io/mirror-"; fast_pattern; reference:url,www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities; reference:cve,2025-1098; classtype:web-application-attack; sid:2061042; rev:1; metadata:affected_product Kubernetes, attack_target Server, tls_state TLSDecrypt, created_at 2025_03_25, cve C
Exploit-DB
Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE
exploitdb·2026-02-04·CVSS 8.8
CVE-2025-24514 [HIGH] Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE
Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE
---
# Exploit Title: Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE
# Date: 2025-10-07
# Exploit Author: Beatriz Fresno Naumova
# Vendor Homepage: https://kubernetes.io
# Software Link: https://github.com/kubernetes/ingress-nginx
# Version: Affects v1.10.0 to v1.11.1 (potentially others)
# Tested on: Ubuntu 22.04, RKE2 Kubernetes Cluster
# CVE: CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, CVE-2025-1974
import os
import sys
import socket
import requests
import threading
from urllib.parse import urlparse
from concurrent.futures import ThreadPoolExecutor
import urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
# --- Embedded malicious shared object template ---
MALICIOUS_C_TEMPLA
Nuclei
Ingress-Nginx Controller - Configuration Injection via Unsanitized Mirror Annotations
nuclei·CVSS 8.8
CVE-2025-1098 [HIGH] Ingress-Nginx Controller - Configuration Injection via Unsanitized Mirror Annotations
Ingress-Nginx Controller - Configuration Injection via Unsanitized Mirror Annotations
A security issue was discovered in ingress-nginx https-//github.com/kubernetes/ingress-nginx where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
Template:
id: CVE-2025-1098
info:
name: Ingress-Nginx Controller - Configuration Injection via Unsanitized Mirror Annotations
author: UNC1739
severity: high
description: |
A security issue was discovered in ingress-nginx https-//github.com/kubernetes/ingre
Wiz
Top Wiz Research Blogs: 2025 | Wiz Blog
blogs_wiz·2026-01-30
Top Wiz Research Blogs: 2025 | Wiz Blog
In 2025, the lines between cloud, AI, and software supply chains continued to blur. Wiz Research spent the year tracking how attackers adapted to this shift with the most impactful findings surfacing in three key areas:
Supply chain attacks: The cloud supply chain emerged as the new frontline, accounting for more than half of our most-read investigations in 2025. Malware campaigns evolved to spread silently across CI/CD systems, package registries, and build pipelines – often relying on the wide adoption of npm and GitHub. In 2026, we may see these campaigns extend into IDE extensions and AI artifacts like models, MCP servers, and skills.
AI exposure: Our most-read research post of 2025 was the investigation into an exposed DeepSeek database, kicking off a year shaped by the rapid rollou
Wiz
Top Wiz Research Blogs: 2025 | Wiz Blog
blogs_wiz·2026-01-30
Top Wiz Research Blogs: 2025 | Wiz Blog
In 2025, the lines between cloud, AI, and software supply chains continued to blur. Wiz Research spent the year tracking how attackers adapted to this shift with the most impactful findings surfacing in three key areas:
Supply chain attacks: The cloud supply chain emerged as the new frontline, accounting for more than half of our most-read investigations in 2025. Malware campaigns evolved to spread silently across CI/CD systems, package registries, and build pipelines – often relying on the wide adoption of npm and GitHub. In 2026, we may see these campaigns extend into IDE extensions and AI artifacts like models, MCP servers, and skills.
AI exposure: Our most-read research post of 2025 was the investigation into an exposed DeepSeek database, kicking off a year shaped by the rapid rollou
Sentinelone
IngressNightmare | Critical Unauthenticated RCE Vulnerabilities in Kubernetes Ingress NGINX
blogs_sentinelone·2025-04-04
IngressNightmare | Critical Unauthenticated RCE Vulnerabilities in Kubernetes Ingress NGINX
As more organizations adopt containerization, Kubernetes adoption is at an all-time high. A key component to any Kubernetes cluster is allowing and managing external traffic to the services organizations are building. Enter, Ingress. As a powerful component and set of resources that expose services to the outside world, Ingress’ power and complexity lends itself to a considerable risk profile when compromised.
In this post, we dive into a grouping of critical vulnerabilities dubbed IngressNightmare and share actionable mitigation and detection strategies, including multiple ways in which SentinelOne’s Singularity Platform can highlight both IngressNightmare vulnerability exposure and possible exploitation in runtime.
Beyond this specific security risk, given understanding challenges in I
Sentinelone
IngressNightmare | Critical Unauthenticated RCE Vulnerabilities in Kubernetes Ingress NGINX
blogs_sentinelone·2025-04-04
IngressNightmare | Critical Unauthenticated RCE Vulnerabilities in Kubernetes Ingress NGINX
As more organizations adopt containerization, Kubernetes adoption is at an all-time high. A key component to any Kubernetes cluster is allowing and managing external traffic to the services organizations are building. Enter, Ingress. As a powerful component and set of resources that expose services to the outside world, Ingress’ power and complexity lends itself to a considerable risk profile when compromised.
In this post, we dive into a grouping of critical vulnerabilities dubbed IngressNightmare and share actionable mitigation and detection strategies, including multiple ways in which SentinelOne’s Singularity Platform can highlight both IngressNightmare vulnerability exposure and possible exploitation in runtime.
Beyond this specific security risk, given understanding challenges in I
Wiz
Crying Out Cloud Newsletter - April 2025 | Wiz
blogs_wiz·2025-04-01·CVSS 9.8
CVE-2025-24813 [CRITICAL] Crying Out Cloud Newsletter - April 2025 | Wiz
Welcome back! In this edition, we bring you the latest in cloud security – noteworthy incidents, exclusive data, and crucial vulnerabilities. Let's dive in.
Here are our top picks of cloud security highlights!
Hype or no hype - RCE Vulnerability in Apache Tomcat Exploited in-the-Wild
CVE-2025-24813 is a remote code execution (RCE) vulnerability affecting Apache Tomcat. Under specific conditions, an attacker can upload a malicious session file via a partial PUT request and trigger its execution, potentially leading to full server compromise. The exploit requires several preconditions to be met, including specific server configurations and the presence of a deserialization-vulnerable library. While active exploitation has reportedly been observed in the wild, we estimate that in practice,
Tenable
Cybersecurity Snapshot: NIST Details Attacks Against AI, Recommends Defenses, While ETSI Issues Quantum-Resistant Crypto Standard
blogs_tenable·2025-03-28
Cybersecurity Snapshot: NIST Details Attacks Against AI, Recommends Defenses, While ETSI Issues Quantum-Resistant Crypto Standard
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Wiz
CVE-2025-1974: The IngressNightmare in Kubernetes | Wiz Blog
blogs_wiz·2025-03-24·CVSS 8.8
CVE-2025-1097 [HIGH] CVE-2025-1974: The IngressNightmare in Kubernetes | Wiz Blog
Wiz Research discovered CVE-2025-1097, CVE-2025-1098, CVE-2025-24514 and CVE-2025-1974, a series of unauthenticated Remote Code Execution vulnerabilities in Ingress NGINX Controller for Kubernetes dubbed #IngressNightmare . Exploitation of these vulnerabilities leads to unauthorized access to all secrets stored across all namespaces in the Kubernetes cluster by attackers, which can result in cluster takeover.
This attack vector has been assigned a CVSS v3.1 base score of 9.8.
In this blog post, we share key learnings from our discovery of IngressNightmare , affecting the admission controller component of Ingress NGINX Controller for Kubernetes. Based on our analysis, about 43% of cloud environments are vulnerable to these vulnerabilities, with our research uncovering over 6,500 clusters,
Wiz
CVE-2025-1974: The IngressNightmare in Kubernetes | Wiz Blog
blogs_wiz·2025-03-24·CVSS 8.8
CVE-2025-1097 [HIGH] CVE-2025-1974: The IngressNightmare in Kubernetes | Wiz Blog
Wiz Research discovered CVE-2025-1097, CVE-2025-1098, CVE-2025-24514 and CVE-2025-1974, a series of unauthenticated Remote Code Execution vulnerabilities in Ingress NGINX Controller for Kubernetes dubbed #IngressNightmare. Exploitation of these vulnerabilities leads to unauthorized access to all secrets stored across all namespaces in the Kubernetes cluster by attackers, which can result in cluster takeover.
This attack vector has been assigned a CVSS v3.1 base score of 9.8.
In this blog post, we share key learnings from our discovery of IngressNightmare, affecting the admission controller component of Ingress NGINX Controller for Kubernetes. Based on our analysis, about 43% of cloud environments are vulnerable to these vulnerabilities, with our research uncovering over 6,500 clusters, i
Tenable
CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514: Frequently Asked Questions About IngressNightmare
blogs_tenable·2025-03-24·CVSS 8.8
[HIGH] CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514: Frequently Asked Questions About IngressNightmare
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Zscaler
CXO Monthly Roundup, March 2025: AI Security Report, CoffeeLoader analysis, and more | CXO Revolutionaries
blogs_zscaler
CXO Monthly Roundup, March 2025: AI Security Report, CoffeeLoader analysis, and more | CXO Revolutionaries
## CXO Monthly Roundup, March 2025: AI Security Report, CoffeeLoader analysis, and more
Deepen Desai
Contributor
Zscaler
## Apr 1, 2025
The March edition of the CXO Monthly Roundup from Zscaler ThreatLabz.
Welcome to the new CXO Monthly Roundup, an expansion from "CISO" due to the interest in this ongoing series from all technical C-level readers. We feature the latest threat research from the Zscaler ThreatLabz team and other cybersecurity insights.
In this edition, we unpack the highlights from our recent 2025 AI Security Report, which contains relevant insights for the entire enterprise. Plus, read our technical analysis of the CoffeeLoader malware, learn about recently discovered vulnerabilities, and explore emerging threats.
## Zscaler ThreatLabz 2025 AI Security Report: Balan
2025-03-25
Published