It enables attackers to inject arbitrary NGINX configuration directives, potentially leading to remote code execution. It enables attackers to bypass validation checks and inject arbitrary NGINX configurations, potentially leading to remote code execution. It enables attackers to load arbitrary shared libraries during the NGINX configuration testing phase, leading to code execution with elevated privileges. The vulnerable controller runs with elevated privileges and unrestricted network accessibility, allowing attackers to access all cluster secrets across namespaces, potentially leading to complete cluster takeover. “Exploitation of these vulnerabilities leads to unauthorized access to all secrets stored across all namespaces in the Kubernetes cluster by attackers, which can result in cluster takeover,” Wiz researchers warned in their disclosure. CVE-2025-1974: This issue allows for remote code execution in the Ingress NGINX Admission Controller. These flaws could allow unauthenticated attackers to execute remote code and gain complete control over vulnerable Kubernetes clusters. It allows attackers to inject arbitrary NGINX configuration directives by manipulating the UID field, which is not properly sanitized. The vulnerabilities, assigned CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, CVE-2025-1974, and CVE-2025-24513, affect the admission controller component of the Ingress NGINX Controller. “If you can’t upgrade immediately, consider enforcing strict network policies so only the Kubernetes API Server can access the admission controller,” Wiz advised. CVE-2025-24513: This vulnerability in Ingress NGINX Controller involves a file path traversal issue related to auth secret files.
This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 25 Mar 2025 09:25:07 +0000