Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication

A set of five critical security shortcomings have been disclosed in the Ingress NGINX Controller for Kubernetes that could result in unauthenticated remote code execution, putting over 6,500 clusters at immediate risk by exposing the component to the public internet.

The vulnerabilities (CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, and CVE-2025-1974 ), assigned a CVSS score of 9.8, have been collectively codenamed IngressNightmare by cloud security firm Wiz. It's worth noting that the shortcomings do not impact NGINX Ingress Controller, which is another ingress controller implementation for NGINX and NGINX Plus.

"Exploitation of these vulnerabilities leads to unauthorized access to all secrets stored across all namespaces in the Kubernetes cluster by attackers, which can result in cluster takeover," the company said in a report shared with The Hacker News.

IngressNightmare, at its core, affects the admission controller component of the Ingress NGINX Controller for Kubernetes. About 43% of cloud environments are vulnerable to these vulnerabilities.

Ingress NGINX Controller uses NGINX as a reverse proxy and load balancer, making it possible to expose HTTP and HTTPS routes from outside a cluster to services within it.

The vulnerability takes advantage of the fact that admission controllers, deployed within a Kubernetes pod, are accessible over the network without authentication.

Specifically, it involves injecting an arbitrary NGINX configuration remotely by sending a malicious ingress object (aka AdmissionReview requests) directly to the admission controller, resulting in code execution on the Ingress NGINX Controller's pod.

"The admission controller's elevated privileges and unrestricted network accessibility create a critical escalation path," Wiz explained. "Exploiting this flaw allows an attacker to execute arbitrary code and access all cluster secrets across namespaces, that could lead to complete cluster takeover."

The shortcomings are listed below -

• CVE-2025-24513 (CVSS score: 4.8) – An improper input validation vulnerability that could result in directory traversal within the container, leading to denial-of-service (DoS) or limited disclosure of secret objects from the cluster when combined with other vulnerabilities
• CVE-2025-24514 (CVSS score: 8.8) – The auth-url Ingress annotation can be used to inject configuration into NGINX, resulting in arbitrary code execution in the context of the ingress-nginx controller and disclosure of secrets accessible to the controller
• CVE-2025-1097 (CVSS score: 8.8) – The auth-tls-match-cn Ingress annotation can be used to inject configuration into NGINX, resulting in arbitrary code execution in the context of the ingress-nginx controller and disclosure of secrets accessible to the controller
• CVE-2025-1098 (CVSS score: 8.8) – The mirror-target and mirror-host Ingress annotations can be used to inject arbitrary configuration into NGINX, resulting in arbitrary code execution in the context of the ingress-nginx controller and disclosure of secrets accessible to the controller
• CVE-2025-1974 (CVSS score: 9.8) – An unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller under certain conditions

In an experimental attack scenario, a threat actor could upload a malicious payload in the form of a shared library to the pod by using the client-body buffer feature of NGINX, followed by sending an AdmissionReview request to the admission controller.

The request, in turn, contains one of the aforementioned configuration directive injections that causes the shared library to be loaded, effectively leading to remote code execution.

Hillai Ben-Sasson, cloud security researcher at Wiz, told The Hacker News that the attack chain essentially involves injecting a malicious configuration, and utilizing it to read sensitive files and run arbitrary code. This could subsequently permit an attacker to abuse a strong Service Account in order to read Kubernetes secrets and ultimately facilitate cluster takeover.

Following responsible disclosure, the vulnerabilities have been addressed in Ingress NGINX Controller versions 1.12.1, 1.11.5, and 1.10.7.

Users are recommended to update to the latest version as soon as possible and ensure that the admission webhook endpoint is not exposed externally.

As mitigations, it's advised to limit only the Kubernetes API Server to access the admission controller and temporarily disable the admission controller component if it's not needed.