Notes


Critical Unauthenticated Remote Code Execution Vulnerabilities in Ingress NGINX

Wiz Research discovered CVE-2025-1097, CVE-2025-1098, CVE-2025-24514 and CVE-2025-1974, a series of unauthenticated Remote Code Execution vulnerabilities in Ingress NGINX Controller for Kubernetes dubbed #IngressNightmare. Exploitation of these vulnerabilities leads to unauthorized access to all secrets stored across all namespaces in the Kubernetes cluster by attackers, which can result in cluster takeover. Critical Unauthenticated Remote Code Execution Vulnerabilities in Ingress NGINX

March 26, 2025
#security#rce
For a bird born in captivity, flight is a mental illness.