Multiple vulnerabilities in Ingress NGINX Controller for Kubernetes

On March 24, 2025, Kubernetes disclosed 5 new vulnerabilities affecting the Ingress NGINX Controller for Kubernetes. Successful exploitation could allow attackers access to all secrets stored across all namespaces in the Kubernetes cluster, which could result in cluster takeover. CVE-2025-1974 9....

CVE-2025-1098

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the mirror-target and mirror-host Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx...

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation through the mirror-target and mirror-host annotations. Remediation Upgrade github.com/kubernetes/ingress-nginx/internal/ingress/controller/template to version 1.11.5, 1.12.1, 4.11.5, 4.12.1 or higher. Reference...

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation through the mirror-target and mirror-host annotations. Remediation Upgrade k8s.io/ingress-nginx/internal/ingress/controller/template to version 1.11.5, 1.12.1, 4.11.5, 4.12.1 or higher. References - GitHub Comm...

Kubernetes ingress-nginx 输入验证错误漏洞

Ingress NGINX Controller is an open source portal controller that uses NGINX as a reverse proxy and load balancer. Ingress NGINX Controller suffers from a remote code execution vulnerability that stems from the mirror-target and mirror-host Ingress annotations can be used to inject arbitrary...