Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2025-1974IngressNightmare: Improper Isolation or Compartmentalization in Ingress-nginx

CWE-653Improper Isolation or Compartmentalization19 documents12 sources
Severity
9.8CRITICALNVD
EPSS
91.6%
top 0.32%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
K8s.io Ingress-nginxKnime Business HUBKubernetes Ingress-nginx
Timeline
PublishedMar 25
Latest updateFeb 4

Description

A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

CVEListV5kubernetes/ingress-nginx1.11.4+1
Gok8s.io/ingress-nginx1.12.0-beta.01.12.1+1
CVEListV5knime/knime_business_hub1.13.01.13.2+3

🔴Vulnerability Details

4
OSV
ingress-nginx admission controller RCE escalation in k8s.io/ingress-nginx2025-03-25
GHSA
ingress-nginx admission controller RCE escalation2025-03-25
OSV
ingress-nginx admission controller RCE escalation2025-03-25
CVEList
ingress-nginx admission controller RCE escalation2025-03-24

💥Exploits & PoCs

4
Exploit-DB
Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE2026-02-04
Exploit-DB
Ingress-NGINX 4.11.0 - Remote Code Execution (RCE)2025-06-20
Nuclei
Ingress-Nginx Controller - Unauthenticated Remote Code Execution
Nuclei
Ingress-Nginx Controller - Remote Code Execution

📋Vendor Advisories

5
Oracle
Oracle Oracle Communications Applications Risk Matrix: Core (Ingress NGINX Controller) — CVE-2025-19742025-07-15
Oracle
Oracle Oracle Communications Risk Matrix: Configuration (Ingress NGINX Controller) — CVE-2025-19742025-04-15
Red Hat
ingress-nginx: ingress-nginx admission controller RCE escalation2025-03-24
Microsoft
Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller2025-03-11
Microsoft
Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller2025-03-11

🕵️Threat Intelligence

3
Wiz
CVE-2025-1974: The IngressNightmare in Kubernetes | Wiz Blog2025-03-24
Wiz
CVE-2025-1974: The IngressNightmare in Kubernetes | Wiz Blog2025-03-24
Wiz
Posts by Sagi Tzadik | Wiz2025-03-24
CVE-2025-1974 — IngressNightmare | cvebase