Best of 2025: CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514: Frequently Asked Questions About IngressNightmare
None
<p><strong>Frequently asked questions about five vulnerabilities in the Ingress NGINX Controller for Kubernetes, collectively known as IngressNightmare.</strong></p><h2>Background</h2><p>The Tenable Security Response Team (SRT) has compiled this blog to answer Frequently Asked Questions (FAQ) regarding IngressNightmare.</p><h2>FAQ</h2><p><strong>What is IngressNightmare?</strong></p><p>IngressNightmare is the name given to a series of vulnerabilities in the <a href="https://github.com/kubernetes/ingress-nginx"><u>Ingress NGINX Controller for Kubernetes</u></a>, an open source controller used for managing network traffic in Kubernetes clusters using NGINX as a reverse proxy and load balancer.</p><p><strong>What are the vulnerabilities associated with IngressNightmare?</strong></p><p>The following CVEs are associated with IngressNightmare:</p><table><thead><tr><th><strong>CVE</strong></th><th><strong>Description</strong></th><th><strong>CVSSv3</strong></th></tr></thead><tbody><tr><td><a href="https://www.tenable.com/cve/CVE-2025-1097"><u>CVE-2025-1097</u></a></td><td>Ingress NGINX Controller Configuration Injection via Unsanitized auth-tls-match-cn annotation</td><td>8.8</td></tr><tr><td><a href="https://www.tenable.com/cve/CVE-2025-1098"><u>CVE-2025-1098</u></a></td><td>Ingress NGINX Controller Configuration Injection via Unsanitized Mirror Annotations</td><td>8.8</td></tr><tr><td><a href="https://www.tenable.com/cve/CVE-2025-1974"><u>CVE-2025-1974</u></a></td><td>Ingress NGINX Admission Controller Remote Code Execution</td><td>9.8</td></tr><tr><td><a href="https://www.tenable.com/cve/CVE-2025-24513"><u>CVE-2025-24513</u></a></td><td>Ingress NGINX Controller Auth Secret File Path Traversal Vulnerability</td><td>4.8</td></tr><tr><td><a href="https://www.tenable.com/cve/CVE-2025-24514"><u>CVE-2025-24514</u></a></td><td>Ingress NGINX Controller Via Unsanitized Auth-URL Annotation</td><td>8.8</td></tr></tbody></table><p><strong>When was IngressNightmare first disclosed?</strong></p><p>Public disclosure of IngressNightmare happened on March 24 when news outlets, such as <a href="https://thehackernews.com/2025/03/critical-ingress-nginx-controller.html"><u>The Hacker News</u></a>, began reporting on these vulnerabilities. At the time those articles were published, no patches were yet available from the Kubernetes team nor had a blog been published by the researchers who discovered these flaws.</p><p><strong>How critical are the IngressNightmare vulnerabilities?</strong></p><p>Based on the CVSS scores for these vulnerabilities, three are categorized as high severity, one is categorized as medium severity and one is categorized as critical severity.</p><p>The most severe flaw, CVE-2025-1974, requires an unauthenticated remote attacker to be able to access the admission controller, a component in the Ingress NGINX Controller that has more privileged access within a Kubernetes cluster.</p><p><strong>Are the IngressNightmare vulnerabilities part of a toxic combination?</strong></p><p>Yes, the five vulnerabilities that make up IngressNightmare can be chained together as part of a toxic combination (or exploit chain). Successful exploitation of these flaws would grant an attacker the ability to access cluster secrets, which could result in a cluster takeover.</p><p><strong>Was this exploited as a zero-day?</strong></p><p>No, these vulnerabilities were reported to Kubernetes through coordinated disclosure.</p><p><strong>Is there a proof-of-concept (PoC) available for these vulnerabilities?</strong></p><p>As of March 24, there are no public proof-of-concept exploits for any of the five CVEs associated with IngressNightmare.</p><p><strong>Are patches or mitigations available for IngressNightmare?</strong></p><p>Yes, on the evening of March 24, the Kubernetes team published two fixed versions of Ingress NGINX Controller:</p><table><thead><tr><th><strong>Affected product</strong></th><th><strong>Affected versions</strong></th><th><strong>Fixed version</strong></th></tr></thead><tbody><tr><td>Ingress NGINX Controller</td><td>1.12.0</td><td><a href="https://github.com/kubernetes/ingress-nginx/releases/tag/controller-v1.12.1"><u>1.12.1</u></a></td></tr><tr><td>Ingress NGINX Controller</td><td>1.11.4 and below</td><td><a href="https://github.com/kubernetes/ingress-nginx/releases/tag/controller-v1.11.5"><u>1.11.5</u></a></td></tr></tbody></table><p>Additionally, customers can use the following command to determine if clusters are using ingress-nginx:</p><pre><code>kubectl get pods --all-namespaces --selector app.kubernetes.io/name=ingress-nginx</code></pre><p>For more specific information about mitigation steps, please refer to the <a href="https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974/"><u>Kubernetes blog</u></a>.</p><p><strong>Does this also affect the NGINX Ingress Controller?</strong></p><p>No, while the names may sound similar, IngressNightmare does not affect the <a href="https://docs.nginx.com/nginx-ingress-controller/"><u>NGINX Ingress Controller</u></a> from F5.</p><p><strong>Has Tenable released any product coverage for these vulnerabilities?</strong></p><p>A list of Tenable plugins for these vulnerabilities will be available on the individual CVE pages as they’re released:</p><p>Our <a href="https://www.tenable.com/plugins/pipeline"><u>Plugins Pipeline</u></a> displays all available plugins for these vulnerabilities, including upcoming plugins, as they are added.</p><p>Additional coverage is being investigated by Tenable Research and this blog post will be updated accordingly.</p><h3>Get more information</h3><p><em><strong>Join </strong></em><em><strong> on the Tenable Community.</strong></em><br><em><strong>Learn more about </strong></em><em><strong>, the Exposure Management Platform for the modern attack surface.</strong></em></p><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2025/12/cve-2025-1097-cve-2025-1098-cve-2025-1974-cve-2025-24513-cve-2025-24514-frequently-asked-questions-about-ingressnightmare-2/" data-a2a-title="Best of 2025: CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514: Frequently Asked Questions About IngressNightmare"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F12%2Fcve-2025-1097-cve-2025-1098-cve-2025-1974-cve-2025-24513-cve-2025-24514-frequently-asked-questions-about-ingressnightmare-2%2F&linkname=Best%20of%202025%3A%20CVE-2025-1097%2C%20CVE-2025-1098%2C%20CVE-2025-1974%2C%20CVE-2025-24513%2C%20CVE-2025-24514%3A%20Frequently%20Asked%20Questions%20About%20IngressNightmare" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F12%2Fcve-2025-1097-cve-2025-1098-cve-2025-1974-cve-2025-24513-cve-2025-24514-frequently-asked-questions-about-ingressnightmare-2%2F&linkname=Best%20of%202025%3A%20CVE-2025-1097%2C%20CVE-2025-1098%2C%20CVE-2025-1974%2C%20CVE-2025-24513%2C%20CVE-2025-24514%3A%20Frequently%20Asked%20Questions%20About%20IngressNightmare" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F12%2Fcve-2025-1097-cve-2025-1098-cve-2025-1974-cve-2025-24513-cve-2025-24514-frequently-asked-questions-about-ingressnightmare-2%2F&linkname=Best%20of%202025%3A%20CVE-2025-1097%2C%20CVE-2025-1098%2C%20CVE-2025-1974%2C%20CVE-2025-24513%2C%20CVE-2025-24514%3A%20Frequently%20Asked%20Questions%20About%20IngressNightmare" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F12%2Fcve-2025-1097-cve-2025-1098-cve-2025-1974-cve-2025-24513-cve-2025-24514-frequently-asked-questions-about-ingressnightmare-2%2F&linkname=Best%20of%202025%3A%20CVE-2025-1097%2C%20CVE-2025-1098%2C%20CVE-2025-1974%2C%20CVE-2025-24513%2C%20CVE-2025-24514%3A%20Frequently%20Asked%20Questions%20About%20IngressNightmare" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2025%2F12%2Fcve-2025-1097-cve-2025-1098-cve-2025-1974-cve-2025-24513-cve-2025-24514-frequently-asked-questions-about-ingressnightmare-2%2F&linkname=Best%20of%202025%3A%20CVE-2025-1097%2C%20CVE-2025-1098%2C%20CVE-2025-1974%2C%20CVE-2025-24513%2C%20CVE-2025-24514%3A%20Frequently%20Asked%20Questions%20About%20IngressNightmare" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div>