CVE-2025-24514
Published: 2025-03-25
Priority P2 · 73 · high · 8.8 CVSS 3.1
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 31.81% (98.1th percentile)
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| k8s.io | ingress-nginx | >= 0 < 1.11.5 | 1.11.5 |
| k8s.io | ingress-nginx | >= 1.12.0-beta.0 < 1.12.1 | 1.12.1 |
| kubernetes | ingress-nginx | <= 1.11.4 | — |
| kubernetes | ingress-nginx | — | — |
| msrc | azure_kubernetes_service | — | — |
Detection & IOCs (extracted from sources)
port: 8443
command:
POST / HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json

{"kind": "AdmissionReview", "apiVersion": "admission.k8s.io/v1", ..."nginx.ingress.kubernetes.io/auth-url": "http://example.com#;load_module test;\n"...}

- Hunt for anomalous processes spawned from the ingress-nginx controller pod, specifically nginx processes executing with '-t' flag against a temporary config file, which indicates config validation abuse.
- Detect behavioral indicators in the ingress-nginx namespace to identify exploitation attempts.
- Monitor outbound IP connections from ingress-nginx pods to detect post-exploitation C2 or reverse shell activity.
- Detect unauthenticated AdmissionReview POST requests sent directly to the admission controller endpoint (port 8443) from non-API-server sources, especially containing the auth-url annotation with injection payloads like load_module directives.
- Match HTTP responses from the admission controller containing both 'AdmissionReview' and 'directive is not allowed here' and 'load_module' to confirm injection attempt was processed.
- Flag anomalous shared library loads within the ingress-nginx controller pod, which may indicate exploitation via the load_module injection technique.
- Use Shodan to identify publicly exposed ingress-nginx admission controllers for attack surface enumeration.
- Detect exploit tool activity by hunting for the User-Agent string 'qmx-ingress-exploiter' in HTTP logs.
- Monitor for brute-force enumeration of /proc/{pid}/fd/{fd} paths in admission controller requests, a technique used to locate uploaded malicious shared objects in memory.

- The admission controller is accessible over the network without authentication by default, making it reachable from any pod in the cluster without credentials.
- The vulnerability is specifically in the auth-url annotation handling: the $externalAuth.URL value is incorporated into the NGINX config without proper sanitization.
- Affected versions include all versions prior to v1.11.0, versions v1.11.0 through v1.11.4, and version v1.12.0. Fixed in v1.11.5 and v1.12.1.
- Disabling the admission controller (controller.admissionWebhooks.enabled=false) is a temporary mitigation but removes important safeguards; re-enable after patching.
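An added example (not from any of the sources quoted on this page): a Python audit that applies the indicator used by the detections above and by the Suricata rule further down, an `auth-url` annotation value containing `#`, `;` or a line break, to Ingress objects, Ingress lists, or AdmissionReview requests. The function names and sample objects are constructed for illustration; the carriage-return and absolute-URL checks are extra assumptions of this example.

```python
"""Audit Ingress / AdmissionReview JSON for auth-url annotation injection markers."""
from urllib.parse import urlsplit

AUTH_URL_KEY = "nginx.ingress.kubernetes.io/auth-url"

# Characters needed to break out of an nginx directive. '#', ';' and newline
# mirror the Suricata rule on this page; carriage return is an assumption
# added by this example.
MARKERS = {
    "#": "contains '#'",
    ";": "contains ';'",
    "\n": "contains newline",
    "\r": "contains carriage return",
}


def check_auth_url(value):
    """Return the reasons an auth-url value looks unsafe (empty list = clean)."""
    value = str(value)
    reasons = [why for ch, why in MARKERS.items() if ch in value]
    try:
        parts = urlsplit(value)
        ok = parts.scheme in ("http", "https") and bool(parts.hostname)
    except ValueError:  # e.g. malformed IPv6 brackets
        ok = False
    if not ok:
        reasons.append("not an absolute http(s) URL")
    return reasons


def iter_ingresses(doc):
    """Yield Ingress objects from an Ingress, a *List, or an AdmissionReview."""
    kind = doc.get("kind", "")
    if kind == "AdmissionReview":
        # The object under review sits at request.object.
        yield from iter_ingresses((doc.get("request") or {}).get("object") or {})
    elif kind.endswith("List"):
        for item in doc.get("items") or []:
            # API list items may omit "kind"; an explicit kind on the item wins.
            yield from iter_ingresses({"kind": "Ingress", **item})
    elif kind == "Ingress":
        yield doc


def audit(doc):
    """Return (namespace, name, reasons) for every Ingress with a bad auth-url."""
    findings = []
    for ing in iter_ingresses(doc):
        meta = ing.get("metadata") or {}
        annotations = meta.get("annotations") or {}
        if AUTH_URL_KEY not in annotations:
            continue
        reasons = check_auth_url(annotations[AUTH_URL_KEY])
        if reasons:
            findings.append(
                (meta.get("namespace", "default"), meta.get("name", "?"), reasons)
            )
    return findings


# Constructed samples. The first carries the annotation value quoted on this page.
SAMPLE_REVIEW = {
    "kind": "AdmissionReview",
    "apiVersion": "admission.k8s.io/v1",
    "request": {"object": {
        "kind": "Ingress",
        "metadata": {
            "name": "demo", "namespace": "team-a",
            "annotations": {AUTH_URL_KEY: "http://example.com#;load_module test;\n"},
        },
    }},
}
SAMPLE_LIST = {"kind": "List", "items": [
    {"kind": "Ingress", "metadata": {"name": "ok", "namespace": "team-b",
        "annotations": {AUTH_URL_KEY: "https://auth.example.com/oauth2/auth"}}},
    {"kind": "Ingress", "metadata": {"name": "no-auth", "namespace": "team-b"}},
]}

if __name__ == "__main__":
    for doc in (SAMPLE_REVIEW, SAMPLE_LIST):
        for ns, name, reasons in audit(doc):
            print(f"{ns}/{name}: {', '.join(reasons)}")
```

`audit()` takes an already parsed object, so the JSON output of `kubectl get ingress -A -o json` can be passed to it after `json.load`.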
CVSS provenance
nvd · v3.1 · 8.8 HIGH · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_msrc · 8.8 HIGH
vendor_redhat · 8.8 HIGH
CISA ICS
Siemens Insights Hub Private Cloud
cisa_ics·2025-04-10·CVSS 8.8
[HIGH] Siemens Insights Hub Private Cloud
ICS Advisory
Release Date: April 10, 2025
Alert Code: ICSA-25-100-05
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: Insights Hub Private Cloud
- Vulnerabilities: Improper Input Validation, Improper Isolation or Compartmentalization
## 2. RI
Red Hat
ingress-nginx: ingress-nginx controller - configuration injection via unsanitized auth-url annotation
vendor_redhat·2025-03-24·CVSS 8.8
CVE-2025-24514 [HIGH] CWE-20 ingress-nginx: ingress-nginx controller - configuration injection via unsanitized auth-url annotation
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
A flaw was found in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This issue can lead to arbitrary code execution in the context of the ingress-nginx controller and disclosure
Microsoft
Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
vendor_msrc·2025-03-11·CVSS 8.8
CVE-2025-24514 [HIGH] Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
Description: Ingress Controllers play a critical role within Kubernetes clusters by enabling the functionality of Ingress resources.
Azure Kubernetes Service (AKS) is aware of several security vulnerabilities affecting the Kubernetes ingress-nginx controller, including CVE-2025-1098, CVE-2025-1974, CVE-2025-1097, CVE-2025-24514, and CVE-2025-24513.
Customers running this controller on their AKS clusters are advised to update to the latest patched versions (v1.11.5 and v1.12.1) to mitigate potential risks.
FAQ: Why are we publishing this Kubernetes CVE in the Security Update Guide?
We are republishing these CVEs because on March 24, 2025, the Kubernetes SRC (Security Response Committee) published 5 CVEs that disclose vulnera
OSV
ingress-nginx controller - configuration injection via unsanitized auth-url annotation
osv·2025-03-25
CVE-2025-24514 [HIGH] ingress-nginx controller - configuration injection via unsanitized auth-url annotation
A security issue was discovered in [ingress-nginx](https://github.com/kubernetes/ingress-nginx) where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
GHSA
ingress-nginx controller - configuration injection via unsanitized auth-url annotation
ghsa·2025-03-25
CVE-2025-24514 [HIGH] CWE-15 ingress-nginx controller - configuration injection via unsanitized auth-url annotation
A security issue was discovered in [ingress-nginx](https://github.com/kubernetes/ingress-nginx) where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
OSV
ingress-nginx controller - configuration injection via unsanitized auth-url annotation in k8s.io/ingress-nginx
osv·2025-03-25
CVE-2025-24514 ingress-nginx controller - configuration injection via unsanitized auth-url annotation in k8s.io/ingress-nginx
ingress-nginx controller - configuration injection via unsanitized auth-url annotation in k8s.io/ingress-nginx.
NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.
(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)
The additional affected modules and versions are: k8s.io/ingress-nginx before v1.11.5, from v1.12.0-beta.0 before v1.12.1.
Suricata
ET WEB_SERVER Kubernetes Ingress NGINX Controller auth-url Annotation Injection (CVE-2025-24514)
suricata·2025-03-25·CVSS 8.8
CVE-2025-24514 [HIGH] ET WEB_SERVER Kubernetes Ingress NGINX Controller auth-url Annotation Injection (CVE-2025-24514)
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SERVER Kubernetes Ingress NGINX Controller auth-url Annotation Injection (CVE-2025-24514)"; flow:established,to_server; http.method; content:"POST"; http.content_type; content:"application/json"; http.request_body; content:"|22|admission.k8s.io/v1|22 2c|"; content:"|22|nginx.ingress.kubernetes.io/auth-url|22 3a|"; fast_pattern; pcre:"/^\s*?\x22[^\x22]*?(?:\\n|[\x23\x3b])/R"; reference:url,www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities; reference:cve,2025-24514; classtype:web-application-attack; sid:2061040; rev:1; metadata:affected_product Kubernetes, attack_target Server, tls_state TLSDecrypt, created_at 2025_03_25, cv
Exploit-DB
Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE
exploitdb·2026-02-04·CVSS 8.8
CVE-2025-24514 [HIGH] Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE
---
# Exploit Title: Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE
# Date: 2025-10-07
# Exploit Author: Beatriz Fresno Naumova
# Vendor Homepage: https://kubernetes.io
# Software Link: https://github.com/kubernetes/ingress-nginx
# Version: Affects v1.10.0 to v1.11.1 (potentially others)
# Tested on: Ubuntu 22.04, RKE2 Kubernetes Cluster
# CVE: CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, CVE-2025-1974
import os
import sys
import socket
import requests
import threading
from urllib.parse import urlparse
from concurrent.futures import ThreadPoolExecutor
import urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
# --- Embedded malicious shared object template ---
MALICIOUS_C_TEMPLA
Nuclei
Ingress-Nginx Controller - Configuration Injection via Unsanitized `auth-url` Annotation
nuclei·CVSS 8.8
CVE-2025-24514 [HIGH] Ingress-Nginx Controller - Configuration Injection via Unsanitized `auth-url` Annotation
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
Template:
id: CVE-2025-24514
info:
  name: Ingress-Nginx Controller - Configuration Injection via Unsanitized `auth-url` Annotation
  author: iamnoooob,rootxharsh,pdresearch
  severity: high
  description: |
    A security issue was discovered in ingress-nginx https-//github.com/kubernetes/ingress-
Wiz
Top Wiz Research Blogs: 2025 | Wiz Blog
blogs_wiz·2026-01-30
Top Wiz Research Blogs: 2025 | Wiz Blog
In 2025, the lines between cloud, AI, and software supply chains continued to blur. Wiz Research spent the year tracking how attackers adapted to this shift with the most impactful findings surfacing in three key areas:
Supply chain attacks: The cloud supply chain emerged as the new frontline, accounting for more than half of our most-read investigations in 2025. Malware campaigns evolved to spread silently across CI/CD systems, package registries, and build pipelines – often relying on the wide adoption of npm and GitHub. In 2026, we may see these campaigns extend into IDE extensions and AI artifacts like models, MCP servers, and skills.
AI exposure: Our most-read research post of 2025 was the investigation into an exposed DeepSeek database, kicking off a year shaped by the rapid rollou
Sentinelone
IngressNightmare | Critical Unauthenticated RCE Vulnerabilities in Kubernetes Ingress NGINX
blogs_sentinelone·2025-04-04
IngressNightmare | Critical Unauthenticated RCE Vulnerabilities in Kubernetes Ingress NGINX
As more organizations adopt containerization, Kubernetes adoption is at an all-time high. A key component to any Kubernetes cluster is allowing and managing external traffic to the services organizations are building. Enter, Ingress. As a powerful component and set of resources that expose services to the outside world, Ingress’ power and complexity lends itself to a considerable risk profile when compromised.
In this post, we dive into a grouping of critical vulnerabilities dubbed IngressNightmare and share actionable mitigation and detection strategies, including multiple ways in which SentinelOne’s Singularity Platform can highlight both IngressNightmare vulnerability exposure and possible exploitation in runtime.
Beyond this specific security risk, given understanding challenges in I
Wiz
Crying Out Cloud Newsletter - April 2025 | Wiz
blogs_wiz·2025-04-01·CVSS 9.8
CVE-2025-24813 [CRITICAL] Crying Out Cloud Newsletter - April 2025 | Wiz
Welcome back! In this edition, we bring you the latest in cloud security – noteworthy incidents, exclusive data, and crucial vulnerabilities. Let's dive in.
Here are our top picks of cloud security highlights!
Hype or no hype - RCE Vulnerability in Apache Tomcat Exploited in-the-Wild
CVE-2025-24813 is a remote code execution (RCE) vulnerability affecting Apache Tomcat. Under specific conditions, an attacker can upload a malicious session file via a partial PUT request and trigger its execution, potentially leading to full server compromise. The exploit requires several preconditions to be met, including specific server configurations and the presence of a deserialization-vulnerable library. While active exploitation has reportedly been observed in the wild, we estimate that in practice,
Tenable
Cybersecurity Snapshot: NIST Details Attacks Against AI, Recommends Defenses, While ETSI Issues Quantum-Resistant Crypto Standard
blogs_tenable·2025-03-28
Cybersecurity Snapshot: NIST Details Attacks Against AI, Recommends Defenses, While ETSI Issues Quantum-Resistant Crypto Standard
Wiz
CVE-2025-1974: The IngressNightmare in Kubernetes | Wiz Blog
blogs_wiz·2025-03-24·CVSS 8.8
CVE-2025-1097 [HIGH] CVE-2025-1974: The IngressNightmare in Kubernetes | Wiz Blog
Wiz Research discovered CVE-2025-1097, CVE-2025-1098, CVE-2025-24514 and CVE-2025-1974, a series of unauthenticated Remote Code Execution vulnerabilities in Ingress NGINX Controller for Kubernetes dubbed #IngressNightmare. Exploitation of these vulnerabilities leads to unauthorized access to all secrets stored across all namespaces in the Kubernetes cluster by attackers, which can result in cluster takeover.
This attack vector has been assigned a CVSS v3.1 base score of 9.8.
In this blog post, we share key learnings from our discovery of IngressNightmare, affecting the admission controller component of Ingress NGINX Controller for Kubernetes. Based on our analysis, about 43% of cloud environments are vulnerable to these vulnerabilities, with our research uncovering over 6,500 clusters,
Tenable
CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514: Frequently Asked Questions About IngressNightmare
blogs_tenable·2025-03-24·CVSS 8.8
[HIGH] CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514: Frequently Asked Questions About IngressNightmare
Zscaler
CXO Monthly Roundup, March 2025: AI Security Report, CoffeeLoader analysis, and more | CXO Revolutionaries
blogs_zscaler
CXO Monthly Roundup, March 2025: AI Security Report, CoffeeLoader analysis, and more | CXO Revolutionaries
## CXO Monthly Roundup, March 2025: AI Security Report, CoffeeLoader analysis, and more
Deepen Desai
Contributor
Zscaler
## Apr 1, 2025
The March edition of the CXO Monthly Roundup from Zscaler ThreatLabz.
Welcome to the new CXO Monthly Roundup, an expansion from "CISO" due to the interest in this ongoing series from all technical C-level readers. We feature the latest threat research from the Zscaler ThreatLabz team and other cybersecurity insights.
In this edition, we unpack the highlights from our recent 2025 AI Security Report, which contains relevant insights for the entire enterprise. Plus, read our technical analysis of the CoffeeLoader malware, learn about recently discovered vulnerabilities, and explore emerging threats.
## Zscaler ThreatLabz 2025 AI Security Report: Balan