VDB
CVE-2025-1974
CVE-2025-1974
PUBLISHED
A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
EPSS 91.13% · 99.7th percentile
Risk Scores
EPSS Score
91.13%
99.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | nginx-ingress-controller | 1.12.0, 0 |
| Bitnami | nginx-ingress-controller | 0, 1.12.0 |
Timeline
- CVE Published
- Mar 25, 2025 EPSS Score
- Mar 25, 2025 Coalition ESS Score
- Mar 26, 2025 EPSS Score
- Mar 27, 2025 Coalition ESS Score
- Mar 28, 2025 EPSS Score
- Mar 29, 2025 EPSS Score
- Mar 30, 2025 EPSS Score
- Apr 1, 2025 EPSS Score
- Apr 11, 2025 EPSS Score
- Apr 14, 2025 EPSS Score
- Apr 15, 2025 EPSS Score