VDB
CVE-2025-24514
CVE-2025-24514
PUBLISHED
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
EPSS 47.48% · 97.8th percentile
Risk Scores
EPSS Score
47.48%
97.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | nginx-ingress-controller | 1.12.0, 0 |
| Bitnami | nginx-ingress-controller | 0, 1.12.0 |
Exploit Intelligence
- KimJuhyeong95/cve-2025-24514 (github-poc)
- KimJuhyeong95/cve-2025-24514 (github-poc)
- KimJuhyeong95/cve-2025-24514 (github-poc)
- KimJuhyeong95/cve-2025-24514 (github-poc)
- KimJuhyeong95/cve-2025-24514 (github-poc)
- KimJuhyeong95/cve-2025-24514 (github-poc)
- KimJuhyeong95/cve-2025-24514 (github-poc)
- KimJuhyeong95/cve-2025-24514 (github-poc)
- KimJuhyeong95/cve-2025-24514 (github-poc)
- KimJuhyeong95/cve-2025-24514 (github-poc)
…and 49 more exploits
Timeline
- Mar 24, 2025 CVE Published
- Mar 25, 2025 PoC Published
- Mar 25, 2025 EPSS Score
- Mar 25, 2025 Coalition ESS Score
- Mar 25, 2025 Coalition ESS Score
- Mar 27, 2025 Coalition ESS Score
- Apr 11, 2025 EPSS Score
- Apr 15, 2025 EPSS Score
- Apr 25, 2025 EPSS Score
- May 14, 2025 EPSS Score
- May 17, 2025 EPSS Score
- May 30, 2025 EPSS Score