CVE-2025-1974
published 2025-03-26CVE-2025-1974: KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 ( a.k.a IngressNightmare ) vulnerability which affects the ingress-nginx component. In the…
PriorityP187critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
99.10%
99.9th percentile
KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 ( a.k.a IngressNightmare ) vulnerability which affects the ingress-nginx component. In the worst case a complete takeover of the Kubernetes cluster is possible. Since the affected component is only reachable from within the cluster, i.e. requires an authenticated user, the severity in the context of KNIME Business Hub is slightly lower.
Besides applying the publicly known workarounds, we strongly recommend updating to one of the following versions of KNIME Business Hub:
* 1.13.3 or above
* 1.12.4 or above
* 1.11.4 or above
* 1.10.4 or above
*
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| k8s.io | ingress-nginx | >= 0 < 1.11.5 | 1.11.5 |
| k8s.io | ingress-nginx | >= 1.12.0-beta.0 < 1.12.1 | 1.12.1 |
| knime | business_hub | >= 1.10.0 < 1.10.4 | 1.10.4 |
| knime | business_hub | >= 1.11.0 < 1.11.4 | 1.11.4 |
| knime | business_hub | >= 1.12.0 < 1.12.4 | 1.12.4 |
| knime | business_hub | >= 1.13.0 < 1.13.3 | 1.13.3 |
| knime | knime_business_hub | <= 1.10.3 | — |
| knime | knime_business_hub | 1.11.0 – 1.11.3 | — |
| knime | knime_business_hub | 1.12.0 – 1.12.3 | — |
| knime | knime_business_hub | 1.13.0 – 1.13.2 | — |
| msrc | azure_kubernetes_service | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Hunt for anomalous process executions originating from the ingress-nginx namespace or container image, specifically nginx processes spawned with '-t' (config test) flags that may indicate exploitation of the admission controller RCE path. ↗
- →Hunt for behavioral indicators in the ingress-nginx namespace to detect exploitation activity. ↗
- →Monitor outbound IP connections from ingress-nginx pods to detect potential reverse shell or C2 callbacks post-exploitation. ↗
- →Alert on anomalous library loads within the ingress-nginx controller pod, which may indicate exploitation via injected ssl_engine or similar NGINX directives. ↗
- →Detect malicious AdmissionReview requests sent directly to the admission controller (not from the Kubernetes API server) — unauthenticated HTTP requests to the webhook endpoint from arbitrary pods are a strong exploitation indicator. ↗
- →FortiGuard IPS signature available for this CVE: Kubernetes.Ingress.NGINX.Controller.Remote.Code.Execution ↗
- →Detect injection of ssl_engine directive in NGINX configuration via crafted Ingress annotations as an exploitation indicator. ↗
- ·The admission controller is accessible over the network without authentication by default, making it reachable from any pod in the cluster network — this is the core exploitable condition. ↗
- ·Disabling the admission webhook (controller.admissionWebhooks.enabled=false) is a temporary mitigation but removes important safeguards for Ingress configurations; re-enable after patching. ↗
- ·In KNIME Business Hub deployments, the affected component is only reachable from within the cluster (requires an authenticated user), slightly reducing severity compared to publicly exposed deployments. ↗
- ·CVE-2025-24513 is different in nature from the other IngressNightmare chain CVEs and does not lead to RCE. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vendor_oracle9.8CRITICAL
vendor_redhat9.8CRITICAL
vendor_msrc8.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-x237-489c-52j2: KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 ( a
ghsa_unreviewed·2025-03-26·CVSS 9.8
CVE-2025-2787 [CRITICAL] CWE-94 GHSA-x237-489c-52j2: KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 ( a
KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 ( a.k.a IngressNightmare ) vulnerability which affects the ingress-nginx component. In the worst case a complete takeover of the Kubernetes cluster is possible. Since the affected component is only reachable from within the cluster, i.e. requires an authenticated user, the severity in the context of KNIME Business Hub is slightly lower.
Besides applying the publicly known workarounds, we strongly recommend updating to one of the following versions of KNIME Business Hub:
* 1.13.3 or above
* 1.12.4 or above
* 1.11.4 or above
* 1.10.4 or above
*
OSV
ingress-nginx admission controller RCE escalation in k8s.io/ingress-nginx
osv·2025-03-25
CVE-2025-1974 ingress-nginx admission controller RCE escalation in k8s.io/ingress-nginx
ingress-nginx admission controller RCE escalation in k8s.io/ingress-nginx
ingress-nginx admission controller RCE escalation in k8s.io/ingress-nginx.
NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.
(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)
The additional affected modules and versions are: k8s.io/ingress-nginx before v1.11.5, from v1.12.0-beta.0 before v1.12.1.
GHSA
ingress-nginx admission controller RCE escalation
ghsa·2025-03-25
CVE-2025-1974 [CRITICAL] CWE-653 ingress-nginx admission controller RCE escalation
ingress-nginx admission controller RCE escalation
A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
OSV
ingress-nginx admission controller RCE escalation
osv·2025-03-25
CVE-2025-1974 [CRITICAL] ingress-nginx admission controller RCE escalation
ingress-nginx admission controller RCE escalation
A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
Oracle
Oracle Oracle Communications Applications Risk Matrix: Core (Ingress NGINX Controller) — CVE-2025-1974
vendor_oracle·2025-07-15·CVSS 7.2
CVE-2025-1974 [CRITICAL] Oracle Oracle Communications Applications Risk Matrix: Core (Ingress NGINX Controller) — CVE-2025-1974
Oracle Oracle Communications Applications Risk Matrix: Core (Ingress NGINX Controller) vulnerability
CVE: CVE-2025-1974
CVSS: 7.2
Protocol: HTTP
Remote exploit: No
Affected versions: Network
Advisory: cpujul2025 (JUL 2025)
Oracle
Oracle Oracle Communications Risk Matrix: Configuration (Ingress NGINX Controller) — CVE-2025-1974
vendor_oracle·2025-04-15·CVSS 9.8
CVE-2025-1974 [CRITICAL] Oracle Oracle Communications Risk Matrix: Configuration (Ingress NGINX Controller) — CVE-2025-1974
Oracle Oracle Communications Risk Matrix: Configuration (Ingress NGINX Controller) vulnerability
CVE: CVE-2025-1974
CVSS: 9.8
Protocol: TCP
Remote exploit: Yes
Affected versions: Network
Advisory: cpuapr2025 (APR 2025)
CISA ICS
Siemens Insights Hub Private Cloud
cisa_ics·2025-04-10·CVSS 8.8
[HIGH] Siemens Insights Hub Private Cloud
ICS Advisory
##
Siemens Insights Hub Private Cloud
Release DateApril 10, 2025
Alert CodeICSA-25-100-05
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: Insights Hub Private Cloud
- Vulnerabilities: Improper Input Validation, Improper Isolation or Compartmentalization
## 2. RI
Red Hat
ingress-nginx: ingress-nginx admission controller RCE escalation
vendor_redhat·2025-03-24·CVSS 9.8
CVE-2025-1974 [CRITICAL] CWE-653 ingress-nginx: ingress-nginx admission controller RCE escalation
ingress-nginx: ingress-nginx admission controller RCE escalation
A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
A flaw was found in Kubernetes where, under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This issue can lead to the disclosure of Secrets accessible to the controller. Note that the controller can access all Secrets cluster-wide i
Microsoft
Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
vendor_msrc·2025-03-11·CVSS 8.8
CVE-2025-1098 [HIGH] Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
Description: Ingress Controllers play a critical role within Kubernetes clusters by enabling the functionality of Ingress resources.
Azure Kubernetes Service (AKS) is aware of several security vulnerabilities affecting the Kubernetes ingress-nginx controller, including CVE-2025-1098, CVE-2025-1974, CVE-2025-1097, CVE-2025-24514, and CVE-2025-24513.
Customers running this controller on their AKS clusters are advised to update to the latest patched versions (v1.11.5 and v1.12.1) to mitigate potential risks.
FAQ: Why are we publishing this Kubernetes CVE in the Security Update Guide?
We are republishing these CVEs because on March 24, 2025, the Kubernetes SRC (Security Response Committee) published 5 CVEs that disclose vulnera
Microsoft
Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
vendor_msrc·2025-03-11·CVSS 8.8
CVE-2025-24514 [HIGH] Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
Description: Ingress Controllers play a critical role within Kubernetes clusters by enabling the functionality of Ingress resources.
Azure Kubernetes Service (AKS) is aware of several security vulnerabilities affecting the Kubernetes ingress-nginx controller, including CVE-2025-1098, CVE-2025-1974, CVE-2025-1097, CVE-2025-24514, and CVE-2025-24513.
Customers running this controller on their AKS clusters are advised to update to the latest patched versions (v1.11.5 and v1.12.1) to mitigate potential risks.
FAQ: Why are we publishing this Kubernetes CVE in the Security Update Guide?
We are republishing these CVEs because on March 24, 2025, the Kubernetes SRC (Security Response Committee) published 5 CVEs that disclose vulnera
Microsoft
Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
vendor_msrc·2025-03-11·CVSS 8.8
CVE-2025-24513 [HIGH] Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
Description: Ingress Controllers play a critical role within Kubernetes clusters by enabling the functionality of Ingress resources.
Azure Kubernetes Service (AKS) is aware of several security vulnerabilities affecting the Kubernetes ingress-nginx controller, including CVE-2025-1098, CVE-2025-1974, CVE-2025-1097, CVE-2025-24514, and CVE-2025-24513.
Customers running this controller on their AKS clusters are advised to update to the latest patched versions (v1.11.5 and v1.12.1) to mitigate potential risks.
FAQ: Why are we publishing this Kubernetes CVE in the Security Update Guide?
We are republishing these CVEs because on March 24, 2025, the Kubernetes SRC (Security Response Committee) published 5 CVEs that disclose vulnera
Microsoft
Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
vendor_msrc·2025-03-11·CVSS 8.8
CVE-2025-1974 [HIGH] Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
Description: Ingress Controllers play a critical role within Kubernetes clusters by enabling the functionality of Ingress resources.
Azure Kubernetes Service (AKS) is aware of several security vulnerabilities affecting the Kubernetes ingress-nginx controller, including CVE-2025-1098, CVE-2025-1974, CVE-2025-1097, CVE-2025-24514, and CVE-2025-24513.
Customers running this controller on their AKS clusters are advised to update to the latest patched versions (v1.11.5 and v1.12.1) to mitigate potential risks.
FAQ: Why are we publishing this Kubernetes CVE in the Security Update Guide?
We are republishing these CVEs because on March 24, 2025, the Kubernetes SRC (Security Response Committee) published 5 CVEs that disclose vulnera
Microsoft
Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
vendor_msrc·2025-03-11·CVSS 8.8
CVE-2025-1097 [HIGH] Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
Description: Ingress Controllers play a critical role within Kubernetes clusters by enabling the functionality of Ingress resources.
Azure Kubernetes Service (AKS) is aware of several security vulnerabilities affecting the Kubernetes ingress-nginx controller, including CVE-2025-1098, CVE-2025-1974, CVE-2025-1097, CVE-2025-24514, and CVE-2025-24513.
Customers running this controller on their AKS clusters are advised to update to the latest patched versions (v1.11.5 and v1.12.1) to mitigate potential risks.
FAQ: Why are we publishing this Kubernetes CVE in the Security Update Guide?
We are republishing these CVEs because on March 24, 2025, the Kubernetes SRC (Security Response Committee) published 5 CVEs that disclose vulnera
No detection rules found.
Exploit-DB
Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE
exploitdb·2026-02-04·CVSS 8.8
CVE-2025-24514 [HIGH] Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE
Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE
---
# Exploit Title: Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE
# Date: 2025-10-07
# Exploit Author: Beatriz Fresno Naumova
# Vendor Homepage: https://kubernetes.io
# Software Link: https://github.com/kubernetes/ingress-nginx
# Version: Affects v1.10.0 to v1.11.1 (potentially others)
# Tested on: Ubuntu 22.04, RKE2 Kubernetes Cluster
# CVE: CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, CVE-2025-1974
import os
import sys
import socket
import requests
import threading
from urllib.parse import urlparse
from concurrent.futures import ThreadPoolExecutor
import urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
# --- Embedded malicious shared object template ---
MALICIOUS_C_TEMPLA
Exploit-DB
Ingress-NGINX 4.11.0 - Remote Code Execution (RCE)
exploitdb·2025-06-20·CVSS 9.8
CVE-2025-1974 [CRITICAL] Ingress-NGINX 4.11.0 - Remote Code Execution (RCE)
Ingress-NGINX 4.11.0 - Remote Code Execution (RCE)
---
# Exploit Title: Ingress-NGINX 4.11.0 - Remote Code Execution (RCE)
# Google Dork: N/A
# Date: 2025-06-19
# Exploit Author: Likhith Appalaneni
# Vendor Homepage: https://kubernetes.github.io/ingress-nginx/
# Software Link: https://github.com/kubernetes/ingress-nginx
# Version: ingress-nginx v4.11.0 on Kubernetes v1.29.0 (Minikube)
# Tested on: Ubuntu 24.04, Minikube vLatest, Docker vLatest
# CVE : CVE-2025-1974
1) Update the attacker ip and listening port in shell.c and Compile the shell payload:
gcc -fPIC -shared -o shell.so shell.c
2) Run the exploit:
python3 exploit.py
The exploit sends a crafted AdmissionRequest to the vulnerable Ingress-NGINX webhook and loads the shell.so to achieve code execution.
shell.c
#include
__attri
Nuclei
Ingress-Nginx Controller - Unauthenticated Remote Code Execution
nuclei·CVSS 9.8
CVE-2025-1974 [CRITICAL] Ingress-Nginx Controller - Unauthenticated Remote Code Execution
Ingress-Nginx Controller - Unauthenticated Remote Code Execution
A security issue was discovered in ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller
Template:
id: CVE-2025-1974-k8s
info:
name: Ingress-Nginx Controller - Unauthenticated Remote Code Execution
author: princechaddha
severity: critical
description: A security issue was discovered in ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to t
Nuclei
Ingress-Nginx Controller - Remote Code Execution
nuclei·CVSS 9.8
CVE-2025-1974 [CRITICAL] Ingress-Nginx Controller - Remote Code Execution
Ingress-Nginx Controller - Remote Code Execution
A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
Template:
id: CVE-2025-1974
info:
name: Ingress-Nginx Controller - Remote Code Execution
author: iamnoooob,rootxharsh,pdresearch,UNC1739
severity: critical
description: |
A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of
Wiz
Top Wiz Research Blogs: 2025 | Wiz Blog
blogs_wiz·2026-01-30
Top Wiz Research Blogs: 2025 | Wiz Blog
In 2025, the lines between cloud, AI, and software supply chains continued to blur. Wiz Research spent the year tracking how attackers adapted to this shift with the most impactful findings surfacing in three key areas:
Supply chain attacks: The cloud supply chain emerged as the new frontline, accounting for more than half of our most-read investigations in 2025. Malware campaigns evolved to spread silently across CI/CD systems, package registries, and build pipelines – often relying on the wide adoption of npm and GitHub. In 2026, we may see these campaigns extend into IDE extensions and AI artifacts like models, MCP servers, and skills.
AI exposure: Our most-read research post of 2025 was the investigation into an exposed DeepSeek database, kicking off a year shaped by the rapid rollou
Wiz
Top Wiz Research Blogs: 2025 | Wiz Blog
blogs_wiz·2026-01-30
Top Wiz Research Blogs: 2025 | Wiz Blog
In 2025, the lines between cloud, AI, and software supply chains continued to blur. Wiz Research spent the year tracking how attackers adapted to this shift with the most impactful findings surfacing in three key areas:
Supply chain attacks: The cloud supply chain emerged as the new frontline, accounting for more than half of our most-read investigations in 2025. Malware campaigns evolved to spread silently across CI/CD systems, package registries, and build pipelines – often relying on the wide adoption of npm and GitHub. In 2026, we may see these campaigns extend into IDE extensions and AI artifacts like models, MCP servers, and skills.
AI exposure: Our most-read research post of 2025 was the investigation into an exposed DeepSeek database, kicking off a year shaped by the rapid rollou
Fortinet
IngressNightmare: Understanding CVE‑2025‑1974 in Kubernetes Ingress-NGINX | FortiGuard Labs
blogs_fortinet·2025-04-23
IngressNightmare: Understanding CVE‑2025‑1974 in Kubernetes Ingress-NGINX | FortiGuard Labs
FORTIGUARD LABS THREAT RESEARCH
IngressNightmare: Understanding CVE‑2025‑1974 in Kubernetes Ingress-NGINX
LACEWORK FORTICNAPP EXPERIENCED AN INCIDENT?
Quick Summary of the IngressNightmare CVEs
Why Network Access Matters
Attack Flow at a Glance
Mitigations Summary
How to Detect IngressNightmare Exploits
Lacework FortiCNAPP Detection
Fortinet Security Fabric Coverage
Conclusion
Fortinet Protections
By Jamie Mcmurray | April 23, 2025
Affected Platforms: Ingress-NGINX Containers v1.11.0-4, v1.12.0, /fd/ even after it’s marked for deletion because it stays accessible through the open file descriptor.
Inject malicious NGINX directives (e.g., ssl_engine) via carefully crafted Ingress annotations.
Trigger a reverse shell from within the ingress controller pod, inheriting that pod’s service acco
Qualys
Oracle Critical Patch Update, April 2025 Security Update Review
blogs_qualys·2025-04-16
Oracle Critical Patch Update, April 2025 Security Update Review
## Table of Contents
Qualys QID Coverage
Notable Oracle Vulnerabilities Patched
Oracle released its first quarterly edition of this year’s Critical Patch Update. The update received patches for 378 s ecurity vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families, including third-party components in Oracle products.
In this quarterly Oracle Critical Patch Update, Oracle Communications received the highest number of patches, 103, constituting about 27% of the total patches released. Oracle MySQL and Oracle Communications Applications followed, with 43 and 42 security patches.
300 of the 378 security patches provided by the April Critical Patch Update (about 79%) are for non-Ora
Qualys
Oracle Critical Patch Update, April 2025 Security Update Review | Qualys
blogs_qualys·2025-04-16
Oracle Critical Patch Update, April 2025 Security Update Review | Qualys
#### Table of Contents
- Qualys QID Coverage
- Notable Oracle Vulnerabilities Patched
Oracle released its first quarterly edition of this year’s Critical Patch Update. The update received patches for 378 security vulnerabilities. Some of the vulnerabilities addressed in this update impact more than one product. These patches address vulnerabilities in various product families, including third-party components in Oracle products.
In this quarterly Oracle Critical Patch Update, Oracle Communications received the highest number of patches, 103, constituting about 27% of the total patches released. Oracle MySQL and Oracle Communications Applications followed, with 43 and 42 security patches.
300 of the 378 security patches provided by the April Critical Patch Update (about 79%) are for non
Sentinelone
IngressNightmare | Critical Unauthenticated RCE Vulnerabilities in Kubernetes Ingress NGINX
blogs_sentinelone·2025-04-04
IngressNightmare | Critical Unauthenticated RCE Vulnerabilities in Kubernetes Ingress NGINX
As more organizations adopt containerization, Kubernetes adoption is at an all-time high. A key component to any Kubernetes cluster is allowing and managing external traffic to the services organizations are building. Enter, Ingress. As a powerful component and set of resources that expose services to the outside world, Ingress’ power and complexity lends itself to a considerable risk profile when compromised.
In this post, we dive into a grouping of critical vulnerabilities dubbed IngressNightmare and share actionable mitigation and detection strategies, including multiple ways in which SentinelOne’s Singularity Platform can highlight both IngressNightmare vulnerability exposure and possible exploitation in runtime.
Beyond this specific security risk, given understanding challenges in I
Sentinelone
IngressNightmare | Critical Unauthenticated RCE Vulnerabilities in Kubernetes Ingress NGINX
blogs_sentinelone·2025-04-04
IngressNightmare | Critical Unauthenticated RCE Vulnerabilities in Kubernetes Ingress NGINX
As more organizations adopt containerization, Kubernetes adoption is at an all-time high. A key component to any Kubernetes cluster is allowing and managing external traffic to the services organizations are building. Enter, Ingress. As a powerful component and set of resources that expose services to the outside world, Ingress’ power and complexity lends itself to a considerable risk profile when compromised.
In this post, we dive into a grouping of critical vulnerabilities dubbed IngressNightmare and share actionable mitigation and detection strategies, including multiple ways in which SentinelOne’s Singularity Platform can highlight both IngressNightmare vulnerability exposure and possible exploitation in runtime.
Beyond this specific security risk, given understanding challenges in I
Wiz
Crying Out Cloud Newsletter - April 2025 | Wiz
blogs_wiz·2025-04-01·CVSS 9.8
CVE-2025-24813 [CRITICAL] Crying Out Cloud Newsletter - April 2025 | Wiz
Welcome back! In this edition, we bring you the latest in cloud security – noteworthy incidents, exclusive data, and crucial vulnerabilities. Let's dive in.
Here are our top picks of cloud security highlights!
Hype or no hype - RCE Vulnerability in Apache Tomcat Exploited in-the-Wild
CVE-2025-24813 is a remote code execution (RCE) vulnerability affecting Apache Tomcat. Under specific conditions, an attacker can upload a malicious session file via a partial PUT request and trigger its execution, potentially leading to full server compromise. The exploit requires several preconditions to be met, including specific server configurations and the presence of a deserialization-vulnerable library. While active exploitation has reportedly been observed in the wild, we estimate that in practice,
Tenable
Cybersecurity Snapshot: NIST Details Attacks Against AI, Recommends Defenses, While ETSI Issues Quantum-Resistant Crypto Standard
blogs_tenable·2025-03-28
Cybersecurity Snapshot: NIST Details Attacks Against AI, Recommends Defenses, While ETSI Issues Quantum-Resistant Crypto Standard
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Wiz
CVE-2025-1974: The IngressNightmare in Kubernetes | Wiz Blog
blogs_wiz·2025-03-24·CVSS 8.8
CVE-2025-1097 [HIGH] CVE-2025-1974: The IngressNightmare in Kubernetes | Wiz Blog
Wiz Research discovered CVE-2025-1097, CVE-2025-1098, CVE-2025-24514 and CVE-2025-1974, a series of unauthenticated Remote Code Execution vulnerabilities in Ingress NGINX Controller for Kubernetes dubbed #IngressNightmare . Exploitation of these vulnerabilities leads to unauthorized access to all secrets stored across all namespaces in the Kubernetes cluster by attackers, which can result in cluster takeover.
This attack vector has been assigned a CVSS v3.1 base score of 9.8.
In this blog post, we share key learnings from our discovery of IngressNightmare , affecting the admission controller component of Ingress NGINX Controller for Kubernetes. Based on our analysis, about 43% of cloud environments are vulnerable to these vulnerabilities, with our research uncovering over 6,500 clusters,
Wiz
CVE-2025-1974: The IngressNightmare in Kubernetes | Wiz Blog
blogs_wiz·2025-03-24·CVSS 8.8
CVE-2025-1097 [HIGH] CVE-2025-1974: The IngressNightmare in Kubernetes | Wiz Blog
Wiz Research discovered CVE-2025-1097, CVE-2025-1098, CVE-2025-24514 and CVE-2025-1974, a series of unauthenticated Remote Code Execution vulnerabilities in Ingress NGINX Controller for Kubernetes dubbed #IngressNightmare. Exploitation of these vulnerabilities leads to unauthorized access to all secrets stored across all namespaces in the Kubernetes cluster by attackers, which can result in cluster takeover.
This attack vector has been assigned a CVSS v3.1 base score of 9.8.
In this blog post, we share key learnings from our discovery of IngressNightmare, affecting the admission controller component of Ingress NGINX Controller for Kubernetes. Based on our analysis, about 43% of cloud environments are vulnerable to these vulnerabilities, with our research uncovering over 6,500 clusters, i
Tenable
CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514: Frequently Asked Questions About IngressNightmare
blogs_tenable·2025-03-24·CVSS 8.8
[HIGH] CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514: Frequently Asked Questions About IngressNightmare
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Wiz
Posts by Sagi Tzadik | Wiz
blogs_wiz·2025-03-24·CVSS 9.8
CVE-2025-1974 [CRITICAL] Posts by Sagi Tzadik | Wiz
## IngressNightmare: CVE-2025-1974 - 9.8 Critical Unauthenticated Remote Code Execution Vulnerabilities in Ingress NGINX
Over 40% of cloud environments are vulnerable to RCE, likely leading to a complete cluster takeover.
Zscaler
CXO Monthly Roundup, March 2025: AI Security Report, CoffeeLoader analysis, and more | CXO Revolutionaries
blogs_zscaler
CXO Monthly Roundup, March 2025: AI Security Report, CoffeeLoader analysis, and more | CXO Revolutionaries
## CXO Monthly Roundup, March 2025: AI Security Report, CoffeeLoader analysis, and more
Deepen Desai
Contributor
Zscaler
## Apr 1, 2025
The March edition of the CXO Monthly Roundup from Zscaler ThreatLabz.
Welcome to the new CXO Monthly Roundup, an expansion from "CISO" due to the interest in this ongoing series from all technical C-level readers. We feature the latest threat research from the Zscaler ThreatLabz team and other cybersecurity insights.
In this edition, we unpack the highlights from our recent 2025 AI Security Report, which contains relevant insights for the entire enterprise. Plus, read our technical analysis of the CoffeeLoader malware, learn about recently discovered vulnerabilities, and explore emerging threats.
## Zscaler ThreatLabz 2025 AI Security Report: Balan
Greynoiseio
NoiseLetter March 2025
blogs_greynoiseio
NoiseLetter March 2025
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Find out immediately if an asset communicates with a malicious IP address
Vulnerability Prioritization Get real-time insight into active exploitation trends to better understand risk and severity
SOC Efficiency Filter out noisy, low priority and false-positive alerts from mass internet scanners
Incident Investigation Add context to incidents to speed the determinations of scope and timelines
Threat Hunting Quickly identify anomalous behavior and enrich your threat hunting campaigns
Why GreyNoise
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Fin
2025-03-26
Published