CVE-2025-24513 — Improper Input Validation in Ingress-nginx
Severity
4.8 MEDIUM (NVD)
EPSS
0.1%
top 79.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Mar 25
Description
A security issue was discovered in ingress-nginx (https://github.com/kubernetes/ingress-nginx) where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities, limited disclosure of Secret objects from the cluster.
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
Exploitability: 2.2 | Impact: 2.5
Affected Packages: 2 packages
Vulnerability Details
OSV (4)
ingress-nginx controller - auth secret file path traversal vulnerability in k8s.io/ingress-nginx (2025-03-25)
Vendor Advisories
Red Hat (6)