CVE-2025-1098

Published Mar 25, 2025

Last updated 2 months ago

CVSS high 8.8
Kubernetes
IngressNightmare
NGINX

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-1098 is one of five critical vulnerabilities disclosed in the Ingress NGINX Controller for Kubernetes. These vulnerabilities, collectively named "IngressNightmare," could lead to unauthenticated remote code execution. The vulnerability affects the admission controller component and allows attackers to inject arbitrary Nginx configurations by sending malicious ingress objects. This can result in code execution on the Ingress NGINX Controller's pod and unauthorized access to all secrets stored across all namespaces in the Kubernetes cluster, potentially leading to a complete cluster takeover.

Description
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
Source
jordan@liggitt.net
NVD status
Deferred

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

jordan@liggitt.net
CWE-20

Social media

Hype score
Not currently trending

  1. 🚨CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974: PoC code to exploit the IngressNightmare vulnerabilities GitHub: https://t.co/TdNZwLsCcm https://t.co/mr7rRBuIUc

    @DarkWebInformer

    15 Oct 2025

    12271 Impressions

    47 Retweets

    184 Likes

    90 Bookmarks

    0 Replies

    0 Quotes

  2. Recently, the cloud security platform Wiz Research disclosed five security vulnerabilities in Ingress Nginx, specifically CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974. These are unauthenticated remote code execution vulnerabilities in the Kubernetes Ingress htt

    @alibaba_cloud

    21 Apr 2025

    2712 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Recently, the cloud security platform Wiz Research disclosed five security vulnerabilities in Ingress Nginx, specifically CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974. These are unauthenticated remote code execution vulnerabilities in the Kubernetes Ingress htt

    @alibaba_cloud

    21 Apr 2025

    110 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514: Frequently Asked Questions About IngressNightmare https://t.co/QeoxJBRLwf https://t.co/wwtWqOL4AR

    @IT_Peurico

    3 Apr 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514: Frequently Asked Questions About IngressNightmare https://t.co/9Lid64NsNm https://t.co/a9RJUkGLNZ

    @NickBla41002745

    31 Mar 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. #wiz #IngressNightmare #POC #Security CVE-2025-24514 - auth-url injection -- when IsAuthURL = true CVE-2025-1097 - auth-tls-match-cn injection -- when IsAuthTLSMatchCN = true CVE-2025-1098 – mirror UID injection -- when IsMirrorWithUID = true Exps here: https://t.co/V9KzF45OJW

    @Skyworship2

    30 Mar 2025

    556 Impressions

    0 Retweets

    5 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  7. Shodan query for IngressNightmare: (9.8 Critical Unauth RCE in Ingress NGINX: CVE-2025-1097, CVE-2025-1098, CVE-2025-24514 and CVE-2025-1974) ssl:"nil1" port:8443 https://t.co/UyZeLktPnH

    @SeniorHack82173

    28 Mar 2025

    11 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Wiz Research discovered CVE-2025-1097, CVE-2025-1098, CVE-2025-24514 and CVE-2025-1974, a series of unauthenticated Remote Code Execution vulnerabilities in Ingress NGINX Controller for Kubernetes dubbed #IngressNightmare. https://t.co/DKk60FqzHY

    @AfricaCERT

    27 Mar 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. 🚨PoC Code to Exploit the IngressNightmare Vulnerabilities (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974) https://t.co/DifyO9PFuI https://t.co/1wwKpK8hcj

    @DarkWebInformer

    27 Mar 2025

    18614 Impressions

    66 Retweets

    239 Likes

    71 Bookmarks

    2 Replies

    2 Quotes

  10. IngressNightmare PoC available (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974) https://t.co/tWWdrj0eLw

    @t3l3machus

    27 Mar 2025

    944 Impressions

    13 Retweets

    28 Likes

    10 Bookmarks

    0 Replies

    0 Quotes

  11. My week thanks to CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, CVE-2025-29927, CVE-2025-24813....... https://t.co/QM3hlv6IlT

    @mruston

    26 Mar 2025

    48 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  12. Our team has just successfully reproduced the IngressNightmare vulnerability (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974) and created a custom exploit achieving RCE. It's a Pre-Auth RCE affecting Ingress NGINX that allows complete cluster takeover. We'll htt

    @carlos_crowsec

    26 Mar 2025

    51970 Impressions

    164 Retweets

    743 Likes

    361 Bookmarks

    10 Replies

    2 Quotes

  13. Safeguard Kubernetes from critical RCE threats (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, CVE-2025-1974). Explore ASPM, remediation strategies, and Phoenix Security insights to secure your NGINX ingress and block advanced attacks. #kubernetes #vulnerability #nginx #aspm https

    @sec_phoenix

    26 Mar 2025

    58 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514: Frequently Asked Questions About IngressNightmare https://t.co/ndSChz8g50 https://t.co/VSSptdSAm7

    @Trej0Jass

    26 Mar 2025

    44 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. IngressNightmare: 9.8 Critical Unauthenticated Remote Code Execution Vulnerabilities in Ingress NGINX #IngressNightmare CVE-2025-1097, CVE-2025-1098, CVE-2025-24514 CVE-2025-1974, https://t.co/s8USBfedJJ

    @freedomhack101

    26 Mar 2025

    41 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  16. CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514: Frequently Asked Questions About IngressNightmare https://t.co/0QPPHQeRNI https://t.co/e3UFJ0twAu

    @secured_cyber

    26 Mar 2025

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. 💬New Blog Post 👉  IS  NGINX IngressNightmare bad? Bad news it is: Critical Remote Code Execution Threats (CVE-2025-1097, CVE-2025-1098, CVE-20 - https://t.co/lXOEuDJdNk

    @sec_phoenix

    26 Mar 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. Five newly disclosed critical vulnerabilities in the Ingress NGINX Controller for Kubernetes—collectively dubbed IngressNightmare — pose a severe remote code execution (RCE) risk to cloud environments. These flaws (CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, and

    @cytexsmb

    25 Mar 2025

    152 Impressions

    1 Retweet

    2 Likes

    0 Bookmarks

    2 Replies

    2 Quotes

  19. 🚨 CVE-2025-1098 🔴 HIGH (8.8) 🏢 kubernetes - ingress-nginx 🏗️ 0 🔗 https://t.co/eGMAvwyIJZ #CyberCron #VulnAlert #InfoSec https://t.co/YbMz7hmPm8

    @cybercronai

    25 Mar 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514: Frequently Asked Questions About IngressNightmare https://t.co/M5466CUVpq https://t.co/kLG5oaB8HP

    @pcasano

    25 Mar 2025

    79 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  21. 🚨Patch up your Kubernetes installs. ⚠️ Affected @kubernetesio versions: < v1.11.0 v1.11.0 - 1.11.4 v1.12.0 🦠Vulnerabilities  CVE-2025-1974 CVE-2025-1097  CVE-2025-1098  CVE-2025-24514 CVE-2025-24513 https://t.co/zrLTDB2rU4

    @gothburz

    25 Mar 2025

    192 Impressions

    0 Retweets

    52 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. 🚨 CRITICAL ALERT: #IngressNightmare - Four critical #RCE vulnerabilities (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, CVE-2025-1974) in #NGINX Ingress Controller for Kubernetes with #CVSS 9.8 score. This could affect a massive number of environments! https://t.co/aAepuv29JX ht

    @CheckmarxZero

    25 Mar 2025

    400 Impressions

    3 Retweets

    6 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. Shodan query for IngressNightmare: (9.8 Critical Unauth RCE in Ingress NGINX: CVE-2025-1097, CVE-2025-1098, CVE-2025-24514 and CVE-2025-1974) ssl:"nil1" port:8443 https://t.co/mtXaAEWWs5

    @SimoKohonen

    25 Mar 2025

    446 Impressions

    2 Retweets

    4 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  24. Shodan query for IngressNightmare: (9.8 Critical Unauth RCE in Ingress NGINX -- CVE-2025-1097, CVE-2025-1098, CVE-2025-24514 and CVE-2025-1974) ssl:"nil1" port:8443 https://t.co/WNhg2vv1BG

    @SimoKohonen

    25 Mar 2025

    3 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. Shodan query for IngressNightmare: (9.8 Critical Unauth RCE in Ingress NGINX - CVE-2025-1097, CVE-2025-1098, CVE-2025-24514 and CVE-2025-1974) ssl:"nil1" port:8443 https://t.co/oHXasXgHCJ

    @SimoKohonen

    25 Mar 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514: Frequently Asked Questions About IngressNightmare https://t.co/n4lHTFJokd https://t.co/iNInsgle0s

    @Trej0Jass

    25 Mar 2025

    71 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. [CVE-2025-1098: HIGH] Security issue in ingress-nginx: Exploiting 'mirror-target' and 'mirror-host' Ingress annotations could lead to arbitrary code execution and disclosure of Secrets. More details at https://git...#cybersecurity,#vulnerability https://t.co/2pqA08pv8k https://t.

    @CveFindCom

    25 Mar 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. 🔴 Múltiples vulnerabilidades recientes de autenticación RCE en NGNIX (CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098 y CVE-2025-1974) han sido denominadas colectivamente como IngressNightmare. 🧉 https://t.co/sjCbocBglv

    @MarquisioX

    24 Mar 2025

    143 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  29. Vulnerabilidad crítica en NGINX Controller para Kubernetes permite RCE sin autenticación CVE-2025-24513 CVE-2025-24514 CVE-2025-1097 CVE-2025-1098 CVE-2025-1974 IngressNightmare https://t.co/HawNQjP6C5 https://t.co/VwLI9zvGT4

    @elhackernet

    24 Mar 2025

    13110 Impressions

    76 Retweets

    240 Likes

    74 Bookmarks

    1 Reply

    0 Quotes

Related CVEs

  1. NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the rewrite directive is followed by a rewrite, if, or set directive and an unnamed Perl-Compatible Regular Expression (PCRE) capture (for example, $1, $2) with a replacement string that includes a question mark (?). An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.CVE-2026-42945
  2. A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/auth-proxy-set-headers` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)CVE-2025-15566
  3. A vulnerability exists in the NodeRestriction admission controller where nodes can bypass dynamic resource allocation authorization checks. When the DynamicResourceAllocation feature gate is enabled, the controller properly validates resource claim statuses during pod status updates but fails to perform equivalent validation during pod creation. This allows a compromised node to create mirror pods that access unauthorized dynamic resources, potentially leading to privilege escalation.CVE-2025-4563
  4. A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)CVE-2025-24514
  5. A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)CVE-2025-1974

References

Sources include official advisories and independent security research.