CVE-2025-1974 is a critical remote code execution (RCE) vulnerability in Kubernetes’ Ingress-NGINX Controller that allows unauthenticated attackers with network access to inject arbitrary NGINX configuration directives, potentially leading to full cluster compromise. Ingress-NGINX is a software-only ingress controller provided by the Kubernetes project. Because of its versatility and ease of use, ingress-nginx is quite popular: it is deployed in over 40% of Kubernetes clusters. The vulnerability stems from improper handling of user-supplied annotations in Ingress objects, which are processed by the admission controller without adequate sanitization. By crafting a malicious Ingress object, an attacker can execute arbitrary commands when the admission controller validates the NGINX configuration.
The issue affects Ingress-NGINX Controller versions prior to v1.12.1, v1.11.5, and v1.10.7. CVE-2025-1974 has been assigned a CVSS score of 9.8 (Critical), reflecting its high impact on confidentiality, integrity, and availability. It is part of a broader set of vulnerabilities collectively referred to as “IngressNightmare,” which includes CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-24513 —each exploiting weaknesses in Ingress annotation processing. Exploitation of this flaw could result in widespread Kubernetes cluster compromises, data exfiltration, and further attacks if chained with other vulnerabilities. (Wiz, 2025; Kubernetes, 2025; NVD, 2025).
Vulnerability Type (CWE)
CWE-653: Improper Isolation or Compartmentalization
This vulnerability arises when a system fails to enforce proper separation between different execution contexts, allowing an attacker to break containment boundaries. In the case of CVE-2025-1974, inadequate isolation within the Ingress NGINX Controller permits malicious configuration injections that ultimately lead to unauthorized code execution within the Kubernetes environment.
CVSS Score (NIST)
Base Score: 9.8 (Critical)
Attack Vector: Network (AV:N)
Attack Complexity: Low (AC:L) Exploitation does not require specific environmental conditions, making this vulnerability accessible to attackers with a basic understanding of NGINX configurations and Kubernetes ingress controls.
Privileges Required: None (PR:N) An attacker does not need any prior access to exploit this flaw, significantly increasing the risk of widespread abuse.
User Interaction: None (UI:N) The attack can be fully automated without requiring user intervention, facilitating large-scale exploitation.
Scope: Unchanged (S:U) The impact remains within the compromised Kubernetes pod but can lead to further privilege escalation and lateral movement within the cluster if additional misconfigurations are present.
Impact on CIA: High – The vulnerability threatens all three core security principles:
- Confidentiality: High (C:H) Severe – allows attackers to gain unauthorized access to sensitive data within the compromised pod.
- Integrity: High (I:H) Severe – enables modification of system configurations and potential execution of malicious code.
- Availability: High (A:H) Severe -can lead to service disruption, denial of service, or the takeover of ingress resources.
| Impacted Versions | Patched Versions |
|---|---|
| < v1.10.6 | v1.10.7 |
| v1.11.0 – 1.11.4 | v1.11.5 |
| v1.12.0 | v1.12.1 |
Mitigation Steps
- Upgrade Ingress-NGINX Controller: update to a patched version (v1.12.1, v1.11.5, or v1.10.7) to address the vulnerability.
- Restrict Network Access: implement network policies to limit access to the admission controller, ensuring it is not exposed externally and only trusted sources can communicate with it.
- Temporarily disable the admission controller component of Ingress-NGINX if you cannot upgrade right away.
Exploit Process
Phase 1: Configuration Injection
- The attacker injects malicious directives into the NGINX configuration using the ssl_engine directive, which allows arbitrary shared library loading.
- This directive bypasses security restrictions since nginx -t only tests but does not apply configurations.
Phase 2: Uploading the Malicious Shared Library
- The attacker leverages NGINX’s client-body buffering mechanism.
- A large (>8KB) HTTP request is sent, causing NGINX to temporarily store the payload in the pod’s file system.
- NGINX immediately deletes the file, but an open file descriptor remains accessible via /proc.
- The attacker guesses the PID and file descriptor to retrieve the stored payload.
Phase 3: Remote Code Execution
- The attacker sends an AdmissionReview request to the Ingress NGINX Controller with the ssl_engine directive.
- The directive points to the malicious shared library’s file descriptor path in ProcFS.
- nginx -t loads the attacker’s library, executing arbitrary code with Kubernetes pod privileges.
Interaction with Other Vulnerabilities:
According to Wiz, CVE-2025-1974 can be chained with other Kubernetes Ingress vulnerabilities, increasing the potential for privilege escalation and cluster-wide compromise:
CVE-2025-24513 – Auth Secret File Path Traversal
- CVSS Score: 4.8
- A directory traversal vulnerability in the ingress-NGINX Admission Controller feature, where attacker-controlled data is improperly included in a filename.
- On its own, this vulnerability can lead to denial-of-service (DoS) by interfering with configuration files or logs.
- When combined with other vulnerabilities, it can expose secret objects from the cluster, facilitating privilege escalation or further exploitation.
CVE-2025-24514 – Auth-URL Annotation Injection
- CVSS Score: 8.8
- The auth-url annotation allows specifying an external authentication URL, which is processed without sanitization.
- Attackers can inject malicious NGINX directives through auth-url, which are then executed when nginx -t runs.
CVE-2025-1097 – Auth-TLS-Match-CN Annotation Injection
- CVSS Score: 8.8
- The auth-tls-match-cn annotation requires:
- the value must start with CN=.
- all remaining characters must form a valid regular expression.
- The auth-tls-match-cn annotation is validated using regex, but a bypass allows arbitrary NGINX configurations to be injected.
- Requires access to an existing TLS certificate or a keypair secret, which many Kubernetes solutions provide by default.
- Can be used to gain access to secrets in kube-system, including service credentials and certificates.
CVE-2025-1098 – Mirror UID Injection
- CVSS Score: 8.8
- The UID of an Ingress object is processed without sanitization, allowing arbitrary NGINX directive injection.
- Since UID is not an annotation, it bypasses regex sanitization rules.
- Attackers can craft a malicious Ingress object with a UID containing escaped characters, leading to configuration injection.
Chained Attack Scenario
- Attackers exploiting CVE-2025-24513 to traverse directories and access sensitive NGINX configuration or Kubernetes secret files.
- Attackers using CVE-2025-24514 to inject a malicious auth-url, setting up an external server that sends further payloads.
- Attackers leveraging CVE-2025-1097 to extract Kubernetes secrets and gain access to private keys and internal TLS certificates.
- Malicious actors exploiting CVE-2025-1098 to escalate privileges by injecting directives into UID fields, enabling lateral movement within the cluster.
- Executing CVE-2025-1974 as the final payload, achieving remote code execution within the ingress-nginx controller pod, leading to full Kubernetes cluster compromise.
Timeline
- December 31, 2024 – Wiz Research reported CVE-2025-1974 and CVE-2025-24514 to Kubernetes.
- January 2, 2025 – Wiz Research reported CVE-2025-1097 to Kubernetes.
- January 3, 2025 – Kubernetes acknowledged the reports.
- January 9, 2025 – Kubernetes proposed a fix for CVE-2025-1097.
- January 10, 2025 – Wiz Research reported a bypass for the proposed fix for CVE-2025-1097.
- January 12, 2025 – Kubernetes proposed a fix for CVE-2025-1974.
- January 16, 2025 – Wiz Research reported a bypass for the proposed fix for CVE-2025-1974.
- January 20, 2025 – Kubernetes proposed a fix for CVE-2025-24513.
- January 21, 2025 – Wiz Research reported a bypass for the proposed fix for CVE-2025-24513.
- January 21, 2025 – Wiz Research reported CVE-2025-1098 to Kubernetes.
- February 7, 2025 – Kubernetes released internal patches for the injection vulnerabilities: CVE-2025-1098, CVE-2025-1097, and CVE-2025-24514.
- February 20, 2025 – Kubernetes notified Wiz Research that they removed the NGINX configuration validation from the admission controller, resolving CVE-2025-1974.
- March 10, 2025 – Kubernetes sent embargo notifications regarding the five vulnerabilities reported by Wiz Research.
- March 24, 2025 – Public disclosure.
IOCs
- Unusual configuration changes in Ingress NGINX logs.
- Unexpected
nginx -texecution with modified directives. - Suspicious large HTTP requests to Ingress Controller.
- Anomalous library loads.
- Open file descriptors linked to deleted files in
/proc.
CVE-2025-1974 is a critical remote code execution vulnerability in the Ingress NGINX Controller, affecting Kubernetes environments. The flaw allows attackers to inject arbitrary NGINX configuration directives, leading to the potential execution of malicious shared libraries during the NGINX configuration validation process. Exploiting this vulnerability involves abusing the client-body buffering feature to upload a malicious shared library and leveraging the ssl_engine directive to load the payload, ultimately achieving remote code execution with high privileges, with the potential to compromise Kubernetes clusters and sensitive workloads. The Ingress NGINX team has released patches to address the issue in versions 1.12.1, 1.11.5, and 1.10.7. Organizations are urged to upgrade to the latest version and enforce strict annotation validation, as well as restrict access to Kubernetes secrets. Continuous monitoring of ingress traffic for anomalies, such as large HTTP requests, unexpected NGINX configuration changes and anomalous library loads, is recommended to detect potential exploitation attempts. Implementing these measures will reduce the attack surface and significantly mitigate the risk of exploitation (Wiz, 2025).
Centripetal’s Perspective
Centripetal’s CleanINTERNET® service provides a proactive, intelligence-driven defense against vulnerabilities like CVE-2025-1974, which allows attackers to inject malicious configurations leading to remote code execution in Kubernetes Ingress NGINX Controllers. Leveraging billions of threat indicators, CleanINTERNET® dynamically blocks malicious traffic using real-time global threat feeds and augmented human analysis, proactively protecting organizations from exploitation attempts involving known IoCs. This approach ensures reduced attack surface, enhanced security operations, and uninterrupted business continuity, enabling organizations to adopt a proactive and adaptive cybersecurity strategy against evolving threats.
If you are a current client of Kubernetes please contact support@centripetal.ai.
Centripetal is also pleased to offer Penetration Testing and Vulnerability Assessment services to help organizations identify vulnerabilities and reduce risk. If interested, please contact our Professional Services team at profservs@centripetal.ai or reach out to your Centripetal Account Representative.
Resources
- Wiz – IngressNightmare: 9.8 Critical Unauthenticated Remote Code Execution Vulnerabilities in Ingress NGINX
- National Vulnerability Database – CVE-2025-1974 Detail
- Kubernetes – Ingress-nginx CVE-2025-1974: What You Need to Know
- Armosec – IngressNightmare: Analysis of Critical Vulnerabilities in Kubernetes Ingress NGINX Controller
- Ravie Lakshmanan – Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication
- Rapid7 – Multiple vulnerabilities in Ingress NGINX Controller for Kubernetes
