CVE-2025-1097

geekydeveloper

CriticalIngressNightmareRCEvulnerabilities(CVE-2025-1097,CVE-2025-1098,CVE-2025-24514,CVE-2025-1974)inIngressNGINXController

carlos_crowsec

Our team has just successfully reproduced the IngressNightmare vulnerability (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974) and created a custom exploit achieving RCE. It's a Pre-Auth RCE affecting Ingress NGINX that allows complete cluster takeover. We'll share our exploit soon. In the original post from the Wiz team, they didn't mention the path traversal technique used to load a malicious library via /proc. /HakaiOffsec /quimerax_asm

sec_phoenix

New Blog Post   IS  NGINX IngressNightmare bad? Bad news it is: Critical Remote Code Execution Threats (CVE-2025-1097, CVE-2025-1098, CVE-20 - https://t.co/lXOEuDJdNk

NickBla41002745

CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514: Frequently Asked Questions About IngressNightmare https://t.co/9Lid64NsNm

CCBalert

Warning: Critical improper isolation and input validation vulnerabilities in /kubernetesio #Ingress-nginx controller CVE-2025-1974, CVE-2025-1097,1098 & CVE-2025-24514 can lead to #RCE. #PoC available. CCB recommends updating to v1.11.5 & v1.12.1 #Patch https://t.co/6RXrUiALPh

CheckmarxZero

CRITICAL ALERT: #IngressNightmare - Four critical #RCE vulnerabilities (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, CVE-2025-1974) in #NGINX Ingress Controller for Kubernetes with #CVSS 9.8 score. This could affect a massive number of environments! https://t.co/otgaQnKXUp https://t.co/sOYQCEvIXB https://t.co/B29KVQtRZt https://t.co/FnEmQ7Tu0e

JFrogSecurity

[3/6] The root cause of the vulnerabilities is the ability to inject arbitrary directives to an NGINX configuration which is tested by `nginx -t`. The different ways to do this were each assigned a CVE: CVE-2025-1097, CVE-2025-1098, and CVE-2025-24514. An additional CVE was assigned for the specific method Wiz used to achieve RCE from this primitive: CVE-2025-1974.