CVE-2025-24514

Published Mar 25, 2025

Last updated 3 months ago

CVSS high 8.8
Kubernetes
IngressNightmare
NGINX

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-24514 is one of several critical vulnerabilities collectively named "IngressNightmare" found in the Ingress NGINX Controller for Kubernetes. This vulnerability exists in the admission controller component, which is responsible for validating incoming ingress objects. The admission controllers are accessible over the network without authentication. By sending a malicious ingress object directly to the admission controller, an attacker can inject an arbitrary NGINX configuration remotely. This leads to code execution on the Ingress NGINX Controller's pod, potentially granting unauthorized access to all secrets stored across all namespaces in the Kubernetes cluster, and possibly leading to complete cluster takeover.

Description
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
Source
jordan@liggitt.net
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

jordan@liggitt.net
CWE-20

Social media

Hype score
Not currently trending

  1. CVE-2025-24514:A security issue was discovered in ingress-nginx https://t.co/7gWmKPZPIV where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution https://t.co/mA0zycqYQ8 https://t.co/yjqnqX1lud

    @cyber_advising

    12 Jun 2025

    1159 Impressions

    2 Retweets

    11 Likes

    6 Bookmarks

    0 Replies

    0 Quotes

  2. Recently, the cloud security platform Wiz Research disclosed five security vulnerabilities in Ingress Nginx, specifically CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974. These are unauthenticated remote code execution vulnerabilities in the Kubernetes Ingress htt

    @alibaba_cloud

    21 Apr 2025

    2712 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Recently, the cloud security platform Wiz Research disclosed five security vulnerabilities in Ingress Nginx, specifically CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974. These are unauthenticated remote code execution vulnerabilities in the Kubernetes Ingress htt

    @alibaba_cloud

    21 Apr 2025

    110 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514: Frequently Asked Questions About IngressNightmare https://t.co/QeoxJBRLwf https://t.co/wwtWqOL4AR

    @IT_Peurico

    3 Apr 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514: Frequently Asked Questions About IngressNightmare https://t.co/9Lid64NsNm https://t.co/a9RJUkGLNZ

    @NickBla41002745

    31 Mar 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. #wiz #IngressNightmare #POC #Security CVE-2025-24514 - auth-url injection -- when IsAuthURL = true CVE-2025-1097 - auth-tls-match-cn injection -- when IsAuthTLSMatchCN = true CVE-2025-1098 – mirror UID injection -- when IsMirrorWithUID = true Exps here: https://t.co/V9KzF45OJW

    @Skyworship2

    30 Mar 2025

    556 Impressions

    0 Retweets

    5 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  7. Shodan query for IngressNightmare: (9.8 Critical Unauth RCE in Ingress NGINX: CVE-2025-1097, CVE-2025-1098, CVE-2025-24514 and CVE-2025-1974) ssl:"nil1" port:8443 https://t.co/UyZeLktPnH

    @SeniorHack82173

    28 Mar 2025

    11 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Wiz Research discovered CVE-2025-1097, CVE-2025-1098, CVE-2025-24514 and CVE-2025-1974, a series of unauthenticated Remote Code Execution vulnerabilities in Ingress NGINX Controller for Kubernetes dubbed #IngressNightmare. https://t.co/DKk60FqzHY

    @AfricaCERT

    27 Mar 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. 🚨PoC Code to Exploit the IngressNightmare Vulnerabilities (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974) https://t.co/DifyO9PFuI https://t.co/1wwKpK8hcj

    @DarkWebInformer

    27 Mar 2025

    18614 Impressions

    66 Retweets

    239 Likes

    71 Bookmarks

    2 Replies

    2 Quotes

  10. IngressNightmare PoC available (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974) https://t.co/tWWdrj0eLw

    @t3l3machus

    27 Mar 2025

    944 Impressions

    13 Retweets

    28 Likes

    10 Bookmarks

    0 Replies

    0 Quotes

  11. 🔴 Major vulnerabilities found in Ingress NGINX controller for Kubernetes, known as "Ingress Nightmare." Unauthenticated remote code execution is a serious risk! 🛡️ CVEs: CVE-2025-24513, CVE-2025-24514. #K8s #NGINX #USA link: https://t.co/8i9eCYD87l https://t.co/W990iBqdoX

    @TweetThreatNews

    27 Mar 2025

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. My week thanks to CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, CVE-2025-29927, CVE-2025-24813....... https://t.co/QM3hlv6IlT

    @mruston

    26 Mar 2025

    48 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  13. Our team has just successfully reproduced the IngressNightmare vulnerability (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974) and created a custom exploit achieving RCE. It's a Pre-Auth RCE affecting Ingress NGINX that allows complete cluster takeover. We'll htt

    @carlos_crowsec

    26 Mar 2025

    51970 Impressions

    164 Retweets

    743 Likes

    361 Bookmarks

    10 Replies

    2 Quotes

  14. Safeguard Kubernetes from critical RCE threats (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, CVE-2025-1974). Explore ASPM, remediation strategies, and Phoenix Security insights to secure your NGINX ingress and block advanced attacks. #kubernetes #vulnerability #nginx #aspm https

    @sec_phoenix

    26 Mar 2025

    58 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514: Frequently Asked Questions About IngressNightmare https://t.co/ndSChz8g50 https://t.co/VSSptdSAm7

    @Trej0Jass

    26 Mar 2025

    44 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. IngressNightmare: 9.8 Critical Unauthenticated Remote Code Execution Vulnerabilities in Ingress NGINX #IngressNightmare CVE-2025-1097, CVE-2025-1098, CVE-2025-24514 CVE-2025-1974, https://t.co/s8USBfedJJ

    @freedomhack101

    26 Mar 2025

    41 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  17. CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514: Frequently Asked Questions About IngressNightmare https://t.co/0QPPHQeRNI https://t.co/e3UFJ0twAu

    @secured_cyber

    26 Mar 2025

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. 🚨 CVE-2025-24514 🔴 HIGH (8.8) 🏢 kubernetes - ingress-nginx 🏗️ 0 🔗 https://t.co/nVjYHB9TqW #CyberCron #VulnAlert #InfoSec https://t.co/uB8yc8KHSw

    @cybercronai

    25 Mar 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. Five newly disclosed critical vulnerabilities in the Ingress NGINX Controller for Kubernetes—collectively dubbed IngressNightmare — pose a severe remote code execution (RCE) risk to cloud environments. These flaws (CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, and

    @cytexsmb

    25 Mar 2025

    152 Impressions

    1 Retweet

    2 Likes

    0 Bookmarks

    2 Replies

    2 Quotes

  20. CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514: Frequently Asked Questions About IngressNightmare https://t.co/M5466CUVpq https://t.co/kLG5oaB8HP

    @pcasano

    25 Mar 2025

    79 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  21. 🚨Patch up your Kubernetes installs. ⚠️ Affected @kubernetesio versions: < v1.11.0 v1.11.0 - 1.11.4 v1.12.0 🦠Vulnerabilities  CVE-2025-1974 CVE-2025-1097  CVE-2025-1098  CVE-2025-24514 CVE-2025-24513 https://t.co/zrLTDB2rU4

    @gothburz

    25 Mar 2025

    192 Impressions

    0 Retweets

    52 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. 🚨 CRITICAL ALERT: #IngressNightmare - Four critical #RCE vulnerabilities (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, CVE-2025-1974) in #NGINX Ingress Controller for Kubernetes with #CVSS 9.8 score. This could affect a massive number of environments! https://t.co/aAepuv29JX ht

    @CheckmarxZero

    25 Mar 2025

    400 Impressions

    3 Retweets

    6 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. Shodan query for IngressNightmare: (9.8 Critical Unauth RCE in Ingress NGINX: CVE-2025-1097, CVE-2025-1098, CVE-2025-24514 and CVE-2025-1974) ssl:"nil1" port:8443 https://t.co/mtXaAEWWs5

    @SimoKohonen

    25 Mar 2025

    446 Impressions

    2 Retweets

    4 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  24. Shodan query for IngressNightmare: (9.8 Critical Unauth RCE in Ingress NGINX -- CVE-2025-1097, CVE-2025-1098, CVE-2025-24514 and CVE-2025-1974) ssl:"nil1" port:8443 https://t.co/WNhg2vv1BG

    @SimoKohonen

    25 Mar 2025

    3 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. Shodan query for IngressNightmare: (9.8 Critical Unauth RCE in Ingress NGINX - CVE-2025-1097, CVE-2025-1098, CVE-2025-24514 and CVE-2025-1974) ssl:"nil1" port:8443 https://t.co/oHXasXgHCJ

    @SimoKohonen

    25 Mar 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514: Frequently Asked Questions About IngressNightmare https://t.co/n4lHTFJokd https://t.co/iNInsgle0s

    @Trej0Jass

    25 Mar 2025

    71 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. [CVE-2025-24514: HIGH] Security flaw in ingress-nginx allows injection through `auth-url` Ingress annotation, risking arbitrary code execution & Secret disclosure in controller context. Ensure immediate action.#cybersecurity,#vulnerability https://t.co/Py3SIWVNDD https://t.co

    @CveFindCom

    25 Mar 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. 🔴 Múltiples vulnerabilidades recientes de autenticación RCE en NGNIX (CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098 y CVE-2025-1974) han sido denominadas colectivamente como IngressNightmare. 🧉 https://t.co/sjCbocBglv

    @MarquisioX

    24 Mar 2025

    143 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  29. Vulnerabilidad crítica en NGINX Controller para Kubernetes permite RCE sin autenticación CVE-2025-24513 CVE-2025-24514 CVE-2025-1097 CVE-2025-1098 CVE-2025-1974 IngressNightmare https://t.co/HawNQjP6C5 https://t.co/VwLI9zvGT4

    @elhackernet

    24 Mar 2025

    13110 Impressions

    76 Retweets

    240 Likes

    74 Bookmarks

    1 Reply

    0 Quotes

References

Sources include official advisories and independent security research.