{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-1974", "assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565", "state": "PUBLISHED", "assignerShortName": "kubernetes", "dateReserved": "2025-03-04T21:34:07.543Z", "datePublished": "2025-03-24T23:28:48.985Z", "dateUpdated": "2025-03-27T03:55:19.309Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["Validating Admission Controller"], "product": "ingress-nginx", "repo": "https://github.com/kubernetes/ingress-nginx", "vendor": "kubernetes", "versions": [{"lessThanOrEqual": "1.11.4", "status": "affected", "version": "0", "versionType": "semver"}, {"status": "affected", "version": "1.12.0"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Nir Ohfeld"}, {"lang": "en", "type": "finder", "value": "Ronen Shustin"}, {"lang": "en", "type": "finder", "value": "Sagi Tzadik"}, {"lang": "en", "type": "finder", "value": "Hillai Ben Sasson"}], "datePublic": "2025-03-24T19:36:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)"}], "value": "A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)"}], "impacts": [{"capecId": "CAPEC-251", "descriptions": [{"lang": "en", "value": "CAPEC-251 Local Code Inclusion"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-653", "description": "CWE-653 Improper Isolation or Compartmentalization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a6081bf6-c852-4425-ad4f-a67919267565", "shortName": "kubernetes", "dateUpdated": "2025-03-24T23:28:48.985Z"}, "references": [{"url": "https://https://github.com/kubernetes/kubernetes/issues/131009"}], "source": {"discovery": "EXTERNAL"}, "title": "ingress-nginx admission controller RCE escalation", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Before applying the patch, this issue can be mitigated by disabling the Validating Admission Controller functionality of ingress-nginx."}], "value": "Before applying the patch, this issue can be mitigated by disabling the Validating Admission Controller functionality of ingress-nginx."}], "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-26T00:00:00+00:00", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2025-1974"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-27T03:55:19.309Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1974", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-03-25T13:40:31.271003Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-25T13:40:25.261Z"}}], "cna": {"title": "ingress-nginx admission controller RCE escalation", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Nir Ohfeld"}, {"lang": "en", "type": "finder", "value": "Ronen Shustin"}, {"lang": "en", "type": "finder", "value": "Sagi Tzadik"}, {"lang": "en", "type": "finder", "value": "Hillai Ben Sasson"}], "impacts": [{"capecId": "CAPEC-251", "descriptions": [{"lang": "en", "value": "CAPEC-251 Local Code Inclusion"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/kubernetes/ingress-nginx", "vendor": "kubernetes", "modules": ["Validating Admission Controller"], "product": "ingress-nginx", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.11.4"}, {"status": "affected", "version": "1.12.0"}], "defaultStatus": "unaffected"}], "datePublic": "2025-03-24T19:36:00.000Z", "references": [{"url": "https://https://github.com/kubernetes/kubernetes/issues/131009"}], "workarounds": [{"lang": "en", "value": "Before applying the patch, this issue can be mitigated by disabling the Validating Admission Controller functionality of ingress-nginx.", "supportingMedia": [{"type": "text/html", "value": "Before applying the patch, this issue can be mitigated by disabling the Validating Admission Controller functionality of ingress-nginx.", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)", "supportingMedia": [{"type": "text/html", "value": "A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-653", "description": "CWE-653 Improper Isolation or Compartmentalization"}]}], "providerMetadata": {"orgId": "a6081bf6-c852-4425-ad4f-a67919267565", "shortName": "kubernetes", "dateUpdated": "2025-03-24T23:28:48.985Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1974", "state": "PUBLISHED", "dateUpdated": "2025-03-27T03:55:19.309Z", "dateReserved": "2025-03-04T21:34:07.543Z", "assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565", "datePublished": "2025-03-24T23:28:48.985Z", "assignerShortName": "kubernetes"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)"}, {"lang": "es", "value": "Se descubri\u00f3 un problema de seguridad en Kubernetes donde, bajo ciertas condiciones, un atacante no autenticado con acceso a la red de pods puede ejecutar c\u00f3digo arbitrario en el contexto del controlador ingress-nginx. Esto puede provocar la divulgaci\u00f3n de secretos accesibles al controlador. (Tenga en cuenta que, en la instalaci\u00f3n predeterminada, el controlador puede acceder a todos los secretos del cl\u00faster)."}], "id": "CVE-2025-1974", "lastModified": "2025-03-27T16:45:46.410", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "jordan@liggitt.net", "type": "Secondary"}]}, "published": "2025-03-25T00:15:14.753", "references": [{"source": "jordan@liggitt.net", "url": "https://https://github.com/kubernetes/kubernetes/issues/131009"}], "sourceIdentifier": "jordan@liggitt.net", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-653"}], "source": "jordan@liggitt.net", "type": "Secondary"}]}

{"bugzilla": {"description": "ingress-nginx: ingress-nginx admission controller RCE escalation", "id": "2354661", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2354661"}, "csaw": false, "cwe": "CWE-653", "details": ["A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)", "A flaw was found in Kubernetes where, under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This issue can lead to the disclosure of Secrets accessible to the controller. Note that the controller can access all Secrets cluster-wide in the default installation."], "name": "CVE-2025-1974", "public_date": "2025-03-24T23:28:48Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-1974"], "statement": "Red Hat Product Security has determined that this vulnerability does not affect any currently supported Red Hat product. \nIngress-NGINX is not the default ingress controller shipped with Red Hat OpenShift. Instead, Red Hat OpenShift ships with and supports its own ingress controller based on HAProxy, known as the OpenShift Router. This controller is fully integrated with OpenShift's networking and security models and is managed by the Ingress Operator."}

{"created": "2025-07-21T15:17:49.119465+00:00", "updated": "2025-07-21T15:17:49.119546+00:00", "vendors": ["kubernetes", "kubernetes$PRODUCT$ingress-nginx"]}