Critical Vulnerabilities Identified in Ingress-NGINX Controller for Kubernetes
Critical Vulnerabilities Found in Ingress-NGINX Controller for Kubernetes: Immediate Action Required
A set of serious vulnerabilities has been uncovered in the Ingress-NGINX Controller for Kubernetes, posing significant risks to organizations utilizing affected versions. The Australian Cyber Security Centre (ACSC) has issued an advisory alerting users that versions prior to NGINX Controller 1.12.1 and 1.11.5 are susceptible to unauthorized remote code execution and potential full cluster takeover.
The vulnerabilities arise from improper handling of ingress annotations and attacker-provided data, which could lead to arbitrary code execution and sensitive data disclosures. Among the key vulnerabilities identified are:
-
CVE-2025-1097: Exploitation of the auth-tls-match-cn Ingress annotation could allow unauthorized configurations to be injected into NGINX, enabling attackers to execute arbitrary code and access sensitive secrets across namespaces.
-
CVE-2025-1098: The misuse of mirror-target and mirror-host annotations can lead to remote execution of malicious code, exposing cluster-wide secrets and compromising system integrity.
-
CVE-2025-1974: An unauthenticated attacker with access to the pod network may achieve arbitrary code execution, risking full control over the cluster.
-
CVE-2025-24513: A directory traversal vulnerability in the Ingress-NGINX Admission Controller allows attacker-provided data to be included in filenames, potentially leading to unauthorized access.
- CVE-2025-24514: The auth-url Ingress annotation can be exploited to inject malicious configurations, granting unauthorized access to secrets.
To mitigate these risks, the ACSC strongly recommends that organizations immediately upgrade to the latest versions of the Ingress-NGINX Controller. Additionally, users should regularly monitor security updates and review Kubernetes security guidance to safeguard their environments.
With the potential for remote code execution and cluster-wide compromise, swift action is essential to protect sensitive data and maintain the integrity of Kubernetes infrastructures.