CVE-2025-1974
Published Mar 25, 2025
Last updated 21 days ago
AI description
CVE-2025-1974 is a vulnerability within the Ingress NGINX Controller for Kubernetes, specifically affecting the admission controller component. This flaw falls under a group of vulnerabilities collectively known as "IngressNightmare." The vulnerability arises because the admission controllers are accessible over the network without authentication. By sending a malicious ingress object directly to the admission controller, an attacker can inject arbitrary NGINX configurations. This results in code execution on the Ingress NGINX Controller's pod, potentially granting unauthorized access to all secrets stored across all namespaces in the Kubernetes cluster, which could lead to a complete cluster takeover.
- Description: A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
- Source: jordan@liggitt.net
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Secondary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- jordan@liggitt.net: CWE-653
- Hype score: Not currently trending
IngressNightmare: CVE-2025-1974 - 9.8 Critical Unauthenticated Remote Code Execution Vulnerabilities in Ingress NGINX Over 40% of cloud environments are vulnerable to RCE, likely leading to a complete cluster takeover. https://t.co/Q4ldpLvQ29 #Kubernetes #CloudNative
@NaveenS16
15 Apr 2025
101 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
In Nuclei-Templates, we don’t just add CVEs — we continuously update them to reduce false negatives and introduce regular enhancements 🛠️ Recently, we added IngressNightmare (CVE-2025-1974). Today, we’ve updated it and expanded coverage by adding the following related https://t
@pdnuclei
10 Apr 2025
3186 Impressions
13 Retweets
53 Likes
10 Bookmarks
0 Replies
0 Quotes
🚨 Security Alert: CVE-2025-1974 🚨 Remote Code Execution in Ingress NGINX for Kubernetes A vulnerability has been identified in Ingress NGINX for Kubernetes that allows an unauthenticated attacker to execute code on the ingress-nginx controller. https://t.co/rRv
@BanCERT_gt
8 Apr 2025
5 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical Alert: "IngressNightmare" Vulnerabilities in NGINX for Kubernetes—CVSS 9.8 Threat Demands Immediate Action Why This Matters: A CVSS 9.8 Threat in NGINX The CVSS score of 9.8 for CVE-2025-1974 isn’t just a number—it’s a red flag. This score indicates a near-perfect
@dinhtrong0299
7 Apr 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-1974
@transilienceai
6 Apr 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-1974
@transilienceai
6 Apr 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-1974
@transilienceai
5 Apr 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
💥 FLASH NOTICE 💥 CVE-2025-1974 is a critical vulnerability in the #Kubernetes Ingress NGINX Controller that permits unauthenticated #RCE. With a CVSS score of 9.8, users are advised to patch ASAP. More details & mitigation info can be found here: https://t.co/xMJfnCVeiW ht
@Avertium
4 Apr 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514: Frequently Asked Questions About IngressNightmare https://t.co/QeoxJBRLwf https://t.co/wwtWqOL4AR
@IT_Peurico
3 Apr 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
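Kubernetes Ingress-nginx remote code execution vulnerability (CVE-2025-1974). Ingress-nginx is an open-source Ingress controller provided by the Kubernetes project, implemented on top of nginx and used to manage network traffic in Kubernetes clusters; it is powerful, easy to use and initially strong. NSFOCUS has successfully fixed this vulnerability https://t.co/cIApTSG2p8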
@chenze654321
3 Apr 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 IngressNightmare: Critical Kubernetes Flaws! 🚨 Severe RCE vulnerabilities found in Ingress NGINX Controller! 🚑 CVE-2025-1974 CVSS 9.8 lets unauth attackers execute arbitrary code via the pod network. 🛑 Patch now: versions 1.12.1, 1.11.5, 1.10.7.
@CareWeDoNot
2 Apr 2025
36 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-1974
@transilienceai
2 Apr 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514: Frequently Asked Questions About IngressNightmare https://t.co/9Lid64NsNm https://t.co/a9RJUkGLNZ
@NickBla41002745
31 Mar 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 New CVE: CVE-2025-1974 Name: Ingress-Nginx Controller - Unauthenticated Remote Code Execution Severity: CRITICAL Desc: A security issue was discovered in ingress-nginx w... 🔍 https://t.co/8uNwWej9ko #NucleiTemplates #CVE
@pdnuclei_bot
31 Mar 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 #Kubernetes has a critical vulnerability (CVE-2025-1974) in the Ingress NGINX Controller, allowing unauthenticated attackers to execute malicious code without credentials. Updating to versions v1.11.5 or v1.12.1 is recommended. Stay alert and apply patches. htt
@pipobarraca
31 Mar 2025
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
After my last post analyzing the NGINX #IngressNightmare vulnerability, I’m excited to share a new addition to my Kubernetes Security: Advanced Exploitation series! Inspired by the excellent research from the Wiz team on CVE-2025-1974, I’ve created a hands-on lab that walks you
@Alevsk
30 Mar 2025
247 Impressions
0 Retweets
7 Likes
3 Bookmarks
0 Replies
0 Quotes
CVE-2025-1974: Vuln in Kubernetes Ingress Controller, 9.8 rating 🔥 In some cases, an unauth attacker may be able to RCE in the context of the ingress-nginx controller. https://t.co/l83QLMTcfL
@SeniorHack242
30 Mar 2025
39 Impressions
1 Retweet
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 IngressNightmare (CVE-2025-1974) hits Kubernetes clusters hard—unauth RCE via Ingress-NGINX. • Affects 40%+ cloud envs • Bypass via auth annotations & UID injection • Cluster secrets exposed Read the blog: https://t.co/bjfKFs9dl8 #Kubernetes #NGINX #IngressController ht
@PicusSecurity
29 Mar 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-1974
@transilienceai
29 Mar 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Shodan query for IngressNightmare: (9.8 Critical Unauth RCE in Ingress NGINX: CVE-2025-1097, CVE-2025-1098, CVE-2025-24514 and CVE-2025-1974) ssl:"nil1" port:8443 https://t.co/UyZeLktPnH
@SeniorHack82173
28 Mar 2025
11 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📢 The recent vulnerability CVE-2025-1974, discovered in #Kubernetes, allows an unauthenticated attacker to execute arbitrary code in the context of the ingress-nginx controller. This can lead to disclosure of the cluster's secrets. https://t.co/IwmyYbMdnk 🔐 https
@FGTECHTEAM
28 Mar 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-1974
@transilienceai
28 Mar 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Wiz Research discovered CVE-2025-1097, CVE-2025-1098, CVE-2025-24514 and CVE-2025-1974, a series of unauthenticated Remote Code Execution vulnerabilities in Ingress NGINX Controller for Kubernetes dubbed #IngressNightmare. https://t.co/DKk60FqzHY
@AfricaCERT
27 Mar 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨PoC Code to Exploit the IngressNightmare Vulnerabilities (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974) https://t.co/DifyO9PFuI https://t.co/1wwKpK8hcj
@DarkWebInformer
27 Mar 2025
18614 Impressions
66 Retweets
239 Likes
71 Bookmarks
2 Replies
2 Quotes
Kubernetes Ingress-nginx Remote Code Execution Vulnerability (CVE-2025-1974) #SecurityBoulevard (Mar 27) https://t.co/IHSnqimCmW
@foxbook
27 Mar 2025
61 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 Major Kubernetes Vulnerability! Remote Code Execution - Kubernetes ingress-nginx (CVE-2025-1974). Remote attackers can steal cluster-wide secrets. Public exploits available! #Kubernetes #IngressNightmare ➡️ https://t.co/fRZvkhPDD0 https://t.co/XqSmz5tACj
@leonov_av
27 Mar 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
For the last few days we are also scanning & reporting out exposed Ingress NGINX Controller for Kubernetes (Admission Controller feature). These may possibly be also vulnerable to CVE-2025-1974 & other recently disclosed vulnerabilities. We see around 4000 IPs exposed. h
@Shadowserver
27 Mar 2025
5685 Impressions
26 Retweets
49 Likes
14 Bookmarks
1 Reply
0 Quotes
IngressNightmare PoC available (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974) https://t.co/tWWdrj0eLw
@t3l3machus
27 Mar 2025
944 Impressions
13 Retweets
28 Likes
10 Bookmarks
0 Replies
0 Quotes
Hey @grok, is IngressNightmare (CVE number CVE-2025-1974) impacting private Kubernetes clusters? #Vulnerabilities #ITSecurity #kubernetes
@RajeshShisodiya
27 Mar 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 Critical #Kubernetes security alert! CVE-2025-1974 & 4 other "IngressNightmare" flaws in Ingress NGINX could lead to unauth RCE. Patch now! 🛡️ #CyberSecurity 🔗 Read more: https://t.co/xhrQvnIEBY https://t.co/xhrQvnIEBY
@SalvadorCloud
27 Mar 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The link for CVE-2025-1974 on the NIST site is broken (the https:// is doubled), so could someone please let them know https://t.co/Ki0rcSXGSg https://t.co/ZpMNWC8d5O
@mikiT_T
27 Mar 2025
215 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-2787: HIGH] KNIME Business Hub faces Ingress-nginx CVE-2025-1974 vulnerability. Update to versions 1.13.3 or above to mitigate risks of cluster takeover by IngressNightmare. #cybersecurity, #vulnerability https://t.co/aiVPw97daD https://t.co/PUX6YMibbD
@CveFindCom
26 Mar 2025
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical Kubernetes RCE – CVE-2025-1974 Threat actors are actively exploiting a flaw in Ingress-NGINX, enabling cluster wide compromise. CyberSib is tracking the attacks and helping organizations secure their Kubernetes environments. #CyberSib #CVE20251974 #cybersecuritytips
@Cybersib_co
26 Mar 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Ingress-nginx CVE-2025-1974: What You Need to Know Read more: https://t.co/A44CodbJ6Z
@CloudIslamabad
26 Mar 2025
588 Impressions
2 Retweets
16 Likes
6 Bookmarks
0 Replies
0 Quotes
Our team has just successfully reproduced the IngressNightmare vulnerability (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974) and created a custom exploit achieving RCE. It's a Pre-Auth RCE affecting Ingress NGINX that allows complete cluster takeover. We'll htt
@carlos_crowsec
26 Mar 2025
51970 Impressions
164 Retweets
743 Likes
361 Bookmarks
10 Replies
2 Quotes
Safeguard Kubernetes from critical RCE threats (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, CVE-2025-1974). Explore ASPM, remediation strategies, and Phoenix Security insights to secure your NGINX ingress and block advanced attacks. #kubernetes #vulnerability #nginx #aspm https
@sec_phoenix
26 Mar 2025
58 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514: Frequently Asked Questions About IngressNightmare https://t.co/ndSChz8g50 https://t.co/VSSptdSAm7
@Trej0Jass
26 Mar 2025
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
IngressNightmare: 9.8 Critical Unauthenticated Remote Code Execution Vulnerabilities in Ingress NGINX #IngressNightmare CVE-2025-1097, CVE-2025-1098, CVE-2025-24514 CVE-2025-1974, https://t.co/s8USBfedJJ
@freedomhack101
26 Mar 2025
41 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514: Frequently Asked Questions About IngressNightmare https://t.co/0QPPHQeRNI https://t.co/e3UFJ0twAu
@secured_cyber
26 Mar 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
GitHub - sandumjacob/IngressNightmare-POCs: Worlds First Public POC for CVE-2025-1974 lol https://t.co/5PehAF7yvn
@akaclandestine
26 Mar 2025
3485 Impressions
23 Retweets
76 Likes
23 Bookmarks
1 Reply
1 Quote
🚨 Critical Vulnerabilities found in Kubernetes Ingress-NGINX (CVE-2025-1974). See the @ncsc_gov_ie advisory for more info: https://t.co/A1Hs3JBNr9
@ncsc_gov_ie
26 Mar 2025
138 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical RCE flaws in #ingressnginx threaten 6,500+ #Kubernetes clusters. 🔹 CVE-2025-1974 (CVSS 9.8) + 4 others 🔹 Impact: RCE, secrets exposure, cluster compromise ✅ Patch to v1.12.1 or v1.11.5 https://t.co/5NxoImCaRD
@socradar
26 Mar 2025
68 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
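The ingress-nginx vulnerability (CVE-2025-1974) looks like it will have quite a big impact. It is used all over the place, in a "What should we do for Ingress?" "Eh, nginx will do for now" kind of way https://t.co/kjKzg5veu6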
@jyoshise
26 Mar 2025
1791 Impressions
7 Retweets
17 Likes
2 Bookmarks
1 Reply
0 Quotes
🚨 Critical vulnerabilities (CVE-2025-1974) in Ingress NGINX Controller threaten Kubernetes, allowing remote code execution. Upgrade urgently to safeguard cloud services like AWS & GCP. 🔒 #Kubernetes #Ingress #USA link: https://t.co/Lpdz9x0l43 https://t.co/rWz91dOXKd
@TweetThreatNews
26 Mar 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️⚠️ CVE-2025-1974 (CVSS 9.8): Ingress NGINX Flaws Threaten Mass Kubernetes Compromise 🔥PoC: https://t.co/WT7YoacrJJ 🎯6.3m+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link: https://t.co/CwjaXMZdnV FOFA Query:app="kubernetes" 🔖Refer: https://t.co/411gi
@fofabot
26 Mar 2025
2173 Impressions
14 Retweets
34 Likes
14 Bookmarks
0 Replies
0 Quotes
We’ve added a template to detect "IngressNightmare" — Unauthenticated Remote Code Execution Vulnerabilities in Ingress NGINX (CVE-2025-1974). This template is part of our Kubernetes Cluster Security templates, designed to identify vulnerable versions of the Ingress NGINX https:/
@princechaddha
25 Mar 2025
1301 Impressions
6 Retweets
24 Likes
11 Bookmarks
0 Replies
0 Quotes
We’ve added a template to detect "IngressNightmare" — Unauthenticated Remote Code Execution Vulnerabilities in Ingress NGINX (CVE-2025-1974). This template is part of our Kubernetes Cluster Security templates, designed to identify vulnerable versions of the Ingress NGINX https:/
@princechaddha
25 Mar 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚀🔒 @sysdig : Detecting And Mitigating IngressNightmare (CVE-2025-1974) 🔒🚀 #cyber_security_insights 💡 Overview: @sysdig latest blog post dives into the IngressNightmare vulnerability (CVE-2025-1974), a critical security flaw impacting https
@MahRabie
25 Mar 2025
116 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
IngressNightmare POCs (CVE-2025-1974) https://t.co/rXCSLhY9Bx
@Dinosn
25 Mar 2025
2882 Impressions
7 Retweets
28 Likes
14 Bookmarks
0 Replies
0 Quotes
Jacob Sandum posted a detailed and well-written PoC for the IngressNightmare (CVE-2025-1974 ) vulnerability found in the Kubernetes ingress-nginx Admission Controller by Wiz (Woogle!): https://t.co/c8Yau94NEx https://t.co/PdOgMYzenQ
@hdmoore
25 Mar 2025
10670 Impressions
56 Retweets
108 Likes
53 Bookmarks
3 Replies
3 Quotes