Research team of Wiz Security reports on a series of vulnerabilities, CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974 collectively referred to as IngressNightmare, a vulnerability of the popular Ingress NGINX Controller.
Ingress NGINX, an open-source project under Kubernetes, acts as a reverse proxy for services within Kubernetes. The issue lies in the Controller opening Admission Webhook access without login requirements. When a user sends an AdmissionReview command, NGINX Controller checks the configuration with the command `nginx -t`.
The problem arises from `nginx -t` not being merely a read operation. If a malicious actor crafts the configuration effectively, it can lead to code execution. For example, the command `ssl_engine` in nginx configuration loads libraries into the process, becoming a gateway for code execution.
When combined with Ingress NGINX, which allows hackers to inject configurations into Kubernetes clusters, the IngressNightmare vulnerability becomes a severe and widespread threat.
Source: Wiz
TLDR: Wiz Security research team identifies IngressNightmare, a high-severity vulnerability in the popular Ingress NGINX Controller under Kubernetes, allowing malicious actors to execute code via crafted configurations.
Leave a Comment