Frequently asked questions about five vulnerabilities in the Ingress NGINX Controller for Kubernetes, collectively known as IngressNightmare.

CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514: Frequently Asked Questions About IngressNightmare

A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)

We are monitoring a series of vulnerabilities in the Ingress NGINX Controller for Kubernetes, dubbed IngressNightmare. Organizations are advised to apply available patches.

The version of Ingres-NGINX controller installed on the remote host is prior to 1.11.5/1.12.1. It is, therefore, affected by multiple vulnerabilities as referenced as Ingress Nightmare.

  - A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with     access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This     can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the     controller can access all Secrets cluster-wide.) (CVE-2025-1974)

  - A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the     `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx.     This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets     accessible to the controller. (Note that in the default installation, the controller can access     all Secrets cluster-wide.) (CVE-2025-1098)   
  - A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the     `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary     code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the     controller. (Note that in the default installation, the controller can access     all Secrets cluster-wide.) (CVE-2025-1097)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

CVE-2025-1974

critical

Tenable Plugins

critical