CVE-2025-24513 — Vulnetix

CVE-2025-24513 PUBLISHED

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities, limited disclosure of Secret objects from the cluster.

EPSS 0.14% · 33.4th percentile

Risk Scores

EPSS Score

0.14%

33.4th percentile

Affected Products

Vendor	Product	Versions
Bitnami	nginx-ingress-controller	0, 1.12.0
Bitnami	nginx-ingress-controller	1.12.0, 0

Timeline

Mar 24, 2025 CVE Published
Mar 25, 2025 EPSS Score
Mar 25, 2025 Coalition ESS Score
Mar 28, 2025 Coalition ESS Score
Apr 7, 2025 EPSS Score
Apr 20, 2025 EPSS Score
May 3, 2025 EPSS Score
May 16, 2025 EPSS Score
May 30, 2025 EPSS Score
Jun 12, 2025 EPSS Score
Jun 25, 2025 EPSS Score
Jul 8, 2025 EPSS Score

References

https://github.com/kubernetes/kubernetes/issues/131005 url
https://nvd.nist.gov/vuln/detail/CVE-2025-24513 url
https://security.netapp.com/advisory/ntap-20250328-0008/ url

Open in Interactive Console →