Ethical Hacking News
A critical vulnerability has been discovered in the Ingress-Nginx Controller component of Kubernetes, which could potentially allow hackers to gain control of public-facing clusters. Wiz estimates that more than 6,500 deployments are at risk, and fixes for five CVEs have been issued. Organizations should take immediate action to patch their systems and ensure they are not vulnerable to this exploit.
Kubernetes' Ingress-Nginx Controller has a major security vulnerability that could allow hackers to gain control of public-facing clusters. The vulnerability lies in the flawed configuration validation process, which allows remote code execution (RCE). Over 6,500 publicly accessible Kubernetes installations are vulnerable to this exploit, including Fortune 500 companies. Five CVEs (IngressNightmare) were issued on March 10 with patched versions of Nginx Controller available for download. Users may struggle to apply security patches due to the critical nature of their applications; strict network policies and temporary disabling of the component are recommended as alternatives. The vulnerability has a CVSS score of 9.8, indicating significant consequences if exploited.
Kubernetes, an open-source container orchestration system widely adopted by cloud providers and enterprises alike, has been hit with a major security vulnerability that could potentially allow hackers to gain control of public-facing clusters. The flaw lies in the Ingress-Nginx Controller, which is used to handle incoming requests to Kubernetes applications.
According to a recent report by Wiz, a cloud security outfit, the Ingress-Nginx admission controller component is vulnerable to remote code execution (RCE) due to a flawed configuration validation process. This vulnerability allows an attacker to inject malicious configurations into the Nginx validator, which can then execute arbitrary code on the cluster.
The impact of this vulnerability is significant, as it could allow hackers to gain access to sensitive data and take control of entire Kubernetes clusters. Wiz estimates that more than 6,500 publicly accessible Kubernetes installations are vulnerable to this exploit, including deployments operated by Fortune 500 companies.
The good news is that fixes for five CVEs – collectively dubbed IngressNightmare by Wiz – were issued on March 10, with the details under embargo until now. The patched versions of Nginx Controller (version 1.12.1 and 1.11.5) are available to download.
However, the bad news is that not all Kubernetes users may be aware of this vulnerability or take action to address it. According to Wiz, some users may struggle to apply security patches due to the critical nature of their applications. In such cases, Wiz recommends enforcing strict network policies to limit access to the admission controller and temporarily disabling the component.
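The first step in either remediation path is knowing which controller images a cluster is actually running. The script below is an added triage example written for this article; it is not tooling from Wiz or from the ingress-nginx project. It takes the namespace/pod/image listing that `kubectl` can emit, picks out ingress-nginx controller images, and flags anything older than the fixed releases named above (1.11.5 on the 1.11 line, 1.12.1 on the 1.12 line). Two assumptions are baked in and labelled in the code: any release at or above 1.12.1 is taken to carry the fixes, and lines older than 1.11 are treated as unpatched because the article names no fixed release for them. The pod listing is a constructed sample, not real cluster data.

```python
"""Flag ingress-nginx controller pods that predate the IngressNightmare fixes.

Added example for this article, not code from Wiz or the ingress-nginx project.
Input format is one pod per line: namespace <TAB> pod <TAB> image [image ...],
which can be produced with (jsonpath template, run against the real cluster):
  kubectl get pods -A -o jsonpath='{range .items[*]}{.metadata.namespace}{"\\t"}{.metadata.name}{"\\t"}{.spec.containers[*].image}{"\\n"}{end}'
"""
import re
from typing import List, Optional, Tuple

Version = Tuple[int, int, int]

# Fixed releases named in the article, keyed by (major, minor) release line.
FIXED_BY_LINE = {(1, 11): (1, 11, 5), (1, 12): (1, 12, 1)}
# ASSUMPTION: any release line newer than 1.12 inherits the 1.12.1 fix;
# any line older than 1.11 has no fixed release and is treated as unpatched.
OLDEST_FIXED: Version = (1, 12, 1)

# Matches the controller image (and suffixed variants) with a semantic version tag.
IMAGE_RE = re.compile(r"ingress-nginx/controller(?:-[a-z]+)?:v?(\d+)\.(\d+)\.(\d+)")

# CONSTRUCTED sample pod listing, not output from a real cluster.
SAMPLE_POD_LIST = (
    "ingress-nginx\tingress-nginx-controller-7c6f\t"
    "registry.k8s.io/ingress-nginx/controller:v1.11.3@sha256:0000\n"
    "ingress-nginx\tingress-nginx-controller-9b2d\t"
    "registry.k8s.io/ingress-nginx/controller:v1.12.1\n"
    "edge\tnginx-ingress-edge-1\t"
    "registry.k8s.io/ingress-nginx/controller:v1.9.6\n"
    "kube-system\tcoredns-5d\t"
    "registry.k8s.io/coredns/coredns:v1.11.1\n"
)


def parse_version(image: str) -> Optional[Version]:
    """Return (major, minor, patch) for an ingress-nginx controller image,
    or None when the image is not an ingress-nginx controller."""
    m = IMAGE_RE.search(image)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_patched(version: Version) -> bool:
    """True when the version is at or above the fixed release for its line."""
    fixed = FIXED_BY_LINE.get((version[0], version[1]))
    if fixed is not None:
        return version >= fixed
    return version >= OLDEST_FIXED  # lines with no named fix (see assumption above)


def triage(pod_list: str) -> List[Tuple[str, str, str, bool]]:
    """Return (namespace, pod, version, patched) for every controller pod."""
    findings = []
    for line in pod_list.splitlines():
        if not line.strip():
            continue
        namespace, pod, images = line.split("\t", 2)
        for image in images.split():
            version = parse_version(image)
            if version is None:
                continue  # not an ingress-nginx controller image
            findings.append((namespace, pod, ".".join(map(str, version)), is_patched(version)))
    return findings


if __name__ == "__main__":
    for namespace, pod, version, ok in triage(SAMPLE_POD_LIST):
        status = "patched" if ok else "VULNERABLE: upgrade, or isolate/disable the admission webhook"
        print(f"{namespace}/{pod}: controller {version}: {status}")
```

Pods reported as vulnerable are the ones to upgrade first; where an upgrade cannot be scheduled, they are also the pods whose admission webhook should be fenced off with a network policy or disabled, as the article recommends.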
The severity of the vulnerability is underscored by the fact that one of the five CVEs – CVE-2025-1974 – has a CVSS score of 9.8, indicating that it could have significant consequences if exploited.
This incident highlights the importance of keeping cloud security up to date and being vigilant about potential vulnerabilities in widely adopted technologies like Kubernetes. As cloud environments continue to grow and become increasingly complex, it is essential for organizations to stay informed about emerging threats and take proactive steps to address them.
Related Information:
https://www.ethicalhackingnews.com/articles/The-Kubernetes-Ingress-Nginx-Vulnerability-A-Wake-Up-Call-for-Cloud-Security-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/03/25/kubernetes_flaw_rce_risk/
https://www.theregister.com/2025/03/25/kubernetes_flaw_rce_risk/
https://www.msn.com/en-us/news/technology/public-facing-kubernetes-clusters-at-risk-of-takeover-thanks-to-ingress-nginx-flaw/ar-AA1BAEdd
https://nvd.nist.gov/vuln/detail/CVE-2025-1974
https://www.cvedetails.com/cve/CVE-2025-1974/
Published: Mon Mar 24 22:53:00 2025 by llama3.2 3B Q4_K_M