AWS-2025-006
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2025/03/24 09:00AM PDT
Description
Ingress Controllers are applications within a Kubernetes cluster that enable Ingress resources to function. AWS is aware of CVE-2025-1098, CVE-2025-1974, CVE-2025-1097, CVE-2025-24514, and CVE-2025-24513, which affect the Kubernetes ingress-nginx controller. Amazon Elastic Kubernetes Service (Amazon EKS) does not provide or install the ingress-nginx controller and is not affected by these issues. Customers who have installed this controller on their clusters should update to the latest version. We have proactively notified customers who were identified as having this controller installed.
References:
- CVE-2025-1098 - GitHub Issue
- CVE-2025-1974 - GitHub Issue
- CVE-2025-1097 - GitHub Issue
- CVE-2025-24514 - GitHub Issue
- CVE-2025-24513 - GitHub Issue
Please email aws-security@amazon.com with any security questions or concerns.
Exploit Intelligence
- PoC for CVE-2025-1974: Critical RCE in Ingress-NGINX (<v1.12.1) via unsafe config injection. Exploitable from the pod network without credentials, enabling code execution and potential cluster takeover. Fixed in v1.12.1 and v1.11.5. For research/education only. (github-poc)
- ingress-nginx admission controller RCE escalation PoC (github-poc-repo)
- zsxen/CVE-2025-1974 (github-poc-repo)
- zsxen/cve-2025-1974-lab (github-poc-repo)
- KimJuhyeong95/cve-2025-24514 (github-poc)
- zsxen/cve-2025-1974-lab (github-poc)
- zsxen/CVE-2025-1974 (github-poc)
- ingress-nginx admission controller RCE escalation PoC (github-poc)
- Kubernetes Ingress-nginx RCE (IngressNightmare) (github-poc)
- My view on IngressNightmare vulnerability (CVE-2025-1974) (github-poc)
…and 37 more exploits
Timeline
- Mar 24, 2025 CVE Published
References
- Issues with Kubernetes ingress-nginx controller (Multiple CVEs) advisory
- https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/ web
- https://kubernetes.io/docs/concepts/services-networking/ingress/ web
- https://github.com/kubernetes/ingress-nginx web
- https://kubernetes.github.io/ingress-nginx/deploy/upgrade/ web
- https://github.com/kubernetes/kubernetes/issues/131008 web
- https://github.com/kubernetes/kubernetes/issues/131009 web
- https://github.com/kubernetes/kubernetes/issues/131007 web
- https://github.com/kubernetes/kubernetes/issues/131006 web
- https://github.com/kubernetes/kubernetes/issues/131005 web