CVE-2025-1974: IngressNightmare (Kubernetes Ingress-NGINX)

CRITICAL
9.8CRITICAL
Published: 2025-03-24Affected: ingress-nginx < 1.12.1 / 1.11.5CWE-94

What is IngressNightmare?

A critical unauthenticated RCE vulnerability in the Kubernetes ingress-nginx admission controller, dubbed "IngressNightmare." Attackers can inject arbitrary NGINX configuration directives through ingress annotations, achieving code execution on the ingress controller pod.

Impact & Exploitation

Affects ~43% of all Kubernetes clusters. Enables cluster takeover by accessing secrets from all namespaces. Any pod in the cluster can exploit the admission webhook without authentication.

How Precogs AI Detects IngressNightmare (Kubernetes Ingress-NGINX)

Precogs AI identifies vulnerable ingress-nginx versions in Kubernetes deployments and detects configuration injection patterns in compiled admission controller binaries.

Scan for CVE-2025-1974

Related Resources

🔍 Related CWE Entries

📋 OWASP Top 10

📖 Security Guides

🛡️ Notable Vulnerabilities

🔗 External References

Precogs Logo

Precogs Research

This vulnerability intelligence report was analyzed and enriched by the Precogs AI Security Team. Our researchers continuously monitor emerging threats across AI code, LLM pipelines, and binary architectures to ensure accurate real-time remediation guidance.

Base Score

CVSS9.8
SeverityCRITICAL
CWECWE-94
Published2025-03-24

Tags

kubernetesrcecloudcontainer

Quick Links

Is your system affected?

Precogs AI detects IngressNightmare (Kubernetes Ingress-NGINX) in compiled binaries and firmware — even without source code.

Request Deep Analysis