IngressNightmare: CVE-2025-1974 - 9.8 Critical Unauthenticated Remote Code Execution Vulnerabilities in Ingress NGINX
Over 40% of cloud environments are vulnerable to RCE, likely leading to a complete cluster takeover...
Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication
A set of five critical security shortcomings has been disclosed in the Ingress NGINX Controller for Kubernetes that could result in unauthenticated remote code execution, putting over 6,500 clusters at immediate risk by exposing the component to the public internet. The vulnerabilities...
Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
Ingress Controllers play a critical role within Kubernetes clusters by enabling the functionality of Ingress resources. Azure Kubernetes Service (AKS) is aware of several security vulnerabilities affecting the Kubernetes ingress-nginx controller, including CVE-2025-1098, CVE-2025-1974, CVE-2025-109...
Kubernetes ingress-nginx Input Validation Error Vulnerability
Ingress NGINX Controller is an open source ingress controller that uses NGINX as a reverse proxy and load balancer. Ingress NGINX Controller suffers from a remote code execution vulnerability that can be exploited by an attacker to gain access to sensitive data such as credentials and keys across...
Kubernetes ingress-nginx Security Vulnerability
Ingress NGINX Controller is an open source ingress controller that uses NGINX as a reverse proxy and load balancer. Ingress NGINX Controller suffers from a remote code execution vulnerability that can be exploited by an attacker to gain access to sensitive data such as credentials and keys across...
Kubernetes ingress-nginx Input Validation Error Vulnerability
Ingress NGINX Controller is an open source ingress controller that uses NGINX as a reverse proxy and load balancer. Ingress NGINX Controller suffers from a remote code execution vulnerability that stems from the fact that auth-tls-match-cn Ingress annotations can be used to inject configurations, which could le...
Kubernetes ingress-nginx Input Validation Error Vulnerability
Kubernetes ingress-nginx is an ingress controller for Kubernetes, an open source project from the Cloud Native Computing Foundation, that uses NGINX as a reverse proxy and load balancer. An input validation error vulnerability exists in Kubernetes ingress-nginx that originates from directory traversal and...
PT-2025-12715
Name of the Vulnerable Software and Affected Versions: Ingress-nginx versions prior to 1.12.1, from 1.12.0-beta.0 before 1.12.1 Description: Ingress-nginx is vulnerable to a critical remote code execution (RCE) vulnerability, CVE-2025-1974, with a CVSS score of 9.8. This flaw allows unauthenticated...
PT-2025-12714 · Unknown +1 · Ingress-Nginx +1
Name of the Vulnerable Software and Affected Versions: ingress-nginx versions prior to v1.11.5 ingress-nginx versions from v1.12.0-beta.0 through v1.12.1 Description: A security issue was discovered in ingress-nginx where the mirror-target and mirror-host Ingress annotations can be used to inject...
PT-2025-12716 · Unknown +1 · Ingress-Nginx +1
Name of the Vulnerable Software and Affected Versions: ingress-nginx versions prior to v1.12.1 ingress-nginx versions before v1.11.5 ingress-nginx versions from v1.12.0-beta.0 before v1.12.1 Description: A security issue was discovered in ingress-nginx where attacker-provided data are included in...
PT-2025-12713
Name of the Vulnerable Software and Affected Versions: ingress-nginx versions prior to 1.11.5 ingress-nginx versions 1.12.0-beta.0 through 1.12.0 Description: A security issue exists where the auth-tls-match-cn Ingress annotation can be used to inject configuration into nginx. This may allow a remo...
PT-2025-12717
Name of the Vulnerable Software and Affected Versions: ingress-nginx versions prior to v1.11.5 ingress-nginx versions from v1.12.0-beta.0 through v1.12.1 Description: A security issue exists in ingress-nginx where the auth-url Ingress annotation can be exploited to inject configuration into nginx...
1.24 bug fix and enhancement update
An update is available for nginx, module.nginx. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rock...
1.22 bug fix and enhancement update
An update is available for nginx, module.nginx. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rock...
nginx bug fix and enhancement update
An update is available for nginx. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux 9.5...
PT-2025-11679 · Openresty +1 · Lua-Nginx-Module +2
Name of the Vulnerable Software and Affected Versions: OpenResty/lua-nginx-module affected versions not specified Description: The issue concerns HTTP Request Smuggling in HEAD requests. When handling HTTP/1.1 requests, the lua-nginx-module incorrectly parses HEAD requests with a body, treating t...
ROS-20250307-10
A vulnerability in nginx software is related to TLS session resumption when processing client certificate authentication. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the authentication process...