
Ethical Hacking News

Critical Ingress NGINX Controller Vulnerability Exposed: A Growing Threat to Cloud Security


Critical Ingress NGINX Controller Vulnerability Exposed: A Growing Threat to Cloud Security
A recently discovered vulnerability in the Ingress NGINX Controller for Kubernetes poses a significant threat to cloud security. Learn more about this critical vulnerability and how organizations can mitigate its impact.

  • The Ingress NGINX Controller for Kubernetes has a disclosed vulnerability called "IngressNightmare" that affects approximately 43% of cloud environments.
  • The vulnerability allows unauthenticated remote code execution, posing a significant threat to cloud security.
  • The vulnerabilities collectively have a CVSS score of 9.8, indicating high severity and potential for unauthorized access to all secrets stored across all namespaces in the Kubernetes cluster.
  • Users are recommended to update to the latest version of the Ingress NGINX Controller (versions 1.12.1, 1.11.5, and 1.10.7) as soon as possible to mitigate the vulnerability.
  • Limited access to the admission controller component can help prevent exploitation of this vulnerability.
  • Secure configuration, proper input validation, and awareness of emerging vulnerabilities are crucial for preventing unauthorized access to Kubernetes clusters.



The cybersecurity landscape is continuously evolving, and new vulnerabilities are emerging that can compromise cloud security. One such vulnerability has been disclosed in the Ingress NGINX Controller for Kubernetes, which poses a significant threat to cloud environments. The vulnerability, codenamed "IngressNightmare," was discovered by cloud security firm Wiz and affects approximately 43% of cloud environments.

The Ingress NGINX Controller is an essential component of Kubernetes-based cloud environments, as it serves as a reverse proxy and load balancer for HTTP and HTTPS routes within the cluster. However, a set of five critical security shortcomings have been identified in this component, which can result in unauthenticated remote code execution.

According to Wiz, the vulnerabilities (CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, and CVE-2025-1974) were collectively assigned a CVSS score of 9.8. This high severity rating indicates that an attacker could exploit these vulnerabilities to gain unauthorized access to all secrets stored across all namespaces in the Kubernetes cluster.

The admission controller component of the Ingress NGINX Controller is particularly vulnerable, as it is accessible over the network without authentication. An attacker can inject an arbitrary NGINX configuration remotely by sending a malicious ingress object (an AdmissionReview request) directly to the admission controller, resulting in code execution on the Ingress NGINX Controller's pod.

The attack chain involves injecting malicious configuration and utilizing it to read sensitive files and run arbitrary code. This could subsequently permit an attacker to abuse a strong Service Account in order to read Kubernetes secrets and ultimately facilitate cluster takeover.

To mitigate this vulnerability, users are recommended to update to the latest version of the Ingress NGINX Controller (versions 1.12.1, 1.11.5, and 1.10.7) as soon as possible. Additionally, it is advised to restrict access to the admission controller so that only the Kubernetes API Server can reach it, and to temporarily disable the admission controller component if it is not needed.

Furthermore, experts emphasize that limiting exposure of the admission webhook endpoint can also help prevent exploitation of this vulnerability. In addition, developers should be aware of the importance of secure configuration and proper input validation when working with sensitive data.

In conclusion, the Critical Ingress NGINX Controller Vulnerability represents a significant threat to cloud security. It is crucial for organizations to take immediate action to address this vulnerability and implement measures to prevent unauthorized access to their Kubernetes clusters. By staying informed about emerging vulnerabilities and implementing robust security protocols, businesses can minimize the risk of a successful attack.
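The first practical step in the mitigation above is finding out which Ingress NGINX Controller version each cluster actually runs and whether it sits at or above the fixed release for its line (1.12.1, 1.11.5 or 1.10.7). The following script is an added example, not code from the article or from the ingress-nginx project: it takes controller image references as a defender would collect them from `kubectl get pods -A -o jsonpath='{.items[*].spec.containers[*].image}'`, parses the version tag, and reports whether the image is patched. The sample image references are constructed for the example; the treatment of release lines older than 1.10 as needing an upgrade, and of lines newer than those listed as "check the advisory", are assumptions of this example rather than statements from the article.

```python
import re
from typing import NamedTuple, Optional, Tuple

Version = Tuple[int, int, int]

# Fixed releases named in the article, keyed by minor release line (major, minor).
FIXED_VERSIONS = {
    (1, 12): (1, 12, 1),
    (1, 11): (1, 11, 5),
    (1, 10): (1, 10, 7),
}


class Finding(NamedTuple):
    image: str
    version: Optional[Version]
    status: str   # "patched", "vulnerable", "unknown" or "unparseable"
    advice: str


def parse_version(image_ref: str) -> Optional[Version]:
    """Extract (major, minor, patch) from the tag of a container image reference.

    Handles digest suffixes (…@sha256:…) and registries with a port; returns
    None when the tag is missing or not a semantic version (e.g. "latest").
    """
    ref = image_ref.split("@", 1)[0]            # drop any digest suffix
    last_component = ref.rsplit("/", 1)[-1]     # "controller:v1.11.4" or "controller"
    if ":" not in last_component:
        return None                             # no tag at all
    tag = last_component.rsplit(":", 1)[1]
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", tag)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3))


def assess(image_ref: str) -> Finding:
    """Compare one controller image against the fixed versions for its release line."""
    version = parse_version(image_ref)
    if version is None:
        return Finding(image_ref, None, "unparseable",
                       "tag carries no semantic version; inspect the running image manually")
    fixed = FIXED_VERSIONS.get(version[:2])
    if fixed is None:
        # Assumption of this example: lines older than 1.10 received no fix and must move
        # to a fixed line; lines newer than 1.12 are outside what the article covers.
        if version < (1, 10, 0):
            return Finding(image_ref, version, "vulnerable",
                           "release line predates the fixes; upgrade to v1.12.1, v1.11.5 or v1.10.7")
        return Finding(image_ref, version, "unknown",
                       "release line is newer than those listed in the article; check the project advisory")
    if version >= fixed:
        return Finding(image_ref, version, "patched", "no action required")
    fixed_str = "v" + ".".join(map(str, fixed))
    return Finding(image_ref, version, "vulnerable", f"upgrade to {fixed_str} or later")


def triage(image_refs):
    """Assess every image reference and return the findings in input order."""
    return [assess(ref) for ref in image_refs]


def vulnerable_images(image_refs):
    """Return only the image references that still need an upgrade."""
    return [f.image for f in triage(image_refs) if f.status == "vulnerable"]


# Constructed sample input standing in for the output of the kubectl query above.
SAMPLE_IMAGES = [
    "registry.k8s.io/ingress-nginx/controller:v1.11.4@sha256:0000000000000000000000000000000000000000000000000000000000000000",
    "registry.k8s.io/ingress-nginx/controller:v1.12.1",
    "registry.k8s.io/ingress-nginx/controller:v1.10.7",
    "registry.k8s.io/ingress-nginx/controller:v1.9.6",
    "registry.k8s.io/ingress-nginx/controller:latest",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_IMAGES):
        print(f"{finding.status:12} {finding.image}\n             {finding.advice}")
```

Filter the `kubectl` output to the ingress-nginx controller image before feeding it in; the script reports anything it cannot parse (such as a `latest` tag) as needing a manual look rather than silently treating it as safe, which is the failure mode a version check must avoid.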



Related Information:
  • https://www.ethicalhackingnews.com/articles/Critical-Ingress-NGINX-Controller-Vulnerability-Exposed-A-Growing-Threat-to-Cloud-Security-ehn.shtml
  • https://thehackernews.com/2025/03/critical-ingress-nginx-controller.html
  • https://nvd.nist.gov/vuln/detail/CVE-2025-24513
  • https://www.cvedetails.com/cve/CVE-2025-24513/
  • https://nvd.nist.gov/vuln/detail/CVE-2025-24514
  • https://www.cvedetails.com/cve/CVE-2025-24514/
  • https://nvd.nist.gov/vuln/detail/CVE-2025-1097
  • https://www.cvedetails.com/cve/CVE-2025-1097/
  • https://nvd.nist.gov/vuln/detail/CVE-2025-1098
  • https://www.cvedetails.com/cve/CVE-2025-1098/
  • https://nvd.nist.gov/vuln/detail/CVE-2025-1974
  • https://www.cvedetails.com/cve/CVE-2025-1974/


Published: Mon Mar 24 15:51:25 2025 by llama3.2 3B Q4_K_M