AWS-2025-006 PUBLISHED

Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2025/03/24 09:00AM PDT

Description

Ingress Controllers are applications within a Kubernetes cluster that enable Ingress resources to function.

AWS is aware of CVE-2025-1098, CVE-2025-1974, CVE-2025-1097, CVE-2025-24514, and CVE-2025-24513, which affect the Kubernetes ingress-nginx controller. Amazon Elastic Kubernetes Service (Amazon EKS) does not provide or install the ingress-nginx controller and is not affected by these issues. Customers who have installed this controller on their clusters should update to the latest version.

We have proactively notified customers who were identified as having this controller installed.

References:

CVE-2025-1098 - GitHub Issue
CVE-2025-1974 - GitHub Issue
CVE-2025-1097 - GitHub Issue
CVE-2025-24514 - GitHub Issue
CVE-2025-24513 - GitHub Issue

Please email aws-security@amazon.com with any security questions or concerns.
