Recently, Kubernetes officially released a security notice, disclosing an Ingress NGINX Remote Code Execution Vulnerability (CVE-2025-1974). Under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller.
Ingress is a traditional Kubernetes feature, and ingress-nginx translates the requirements from Ingress objects into configuration for nginx. If you use Kubernetes with ingress-nginx, check your system and apply security hardening promptly.
https://github.com/kubernetes/kubernetes/issues/131009
https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974/
critical
(Severity: low, medium, important, and critical)
ingress-nginx <= 1.12.0
ingress-nginx <= 1.11.4
ingress-nginx >= 1.12.1
ingress-nginx >= 1.11.5
This vulnerability has been fixed in later official versions. If your service version falls into the affected range, upgrade it to the latest secure version.
https://github.com/kubernetes/ingress-nginx/releases
Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.
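To check a cluster against the version ranges in this notice, the following added example (not part of the original notice or of the ingress-nginx project) classifies controller image tags. It assumes the image tag carries the controller version, and the function names, the label selector in the comment and the sample input are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify ingress-nginx controller images against the ranges
# in this notice (affected: <= 1.11.4 and <= 1.12.0; fixed: >= 1.11.5, >= 1.12.1).
# Assumption: the image tag is the controller version (e.g. controller:v1.11.4).

# classify_image IMAGE -> prints AFFECTED, FIXED or UNKNOWN
classify_image() {
    ref=${1%%@*}                      # drop an optional @sha256:... digest
    last=${ref##*/}                   # last path component; skips registry host:port
    case $last in
        *:*) ver=${last##*:}; ver=${ver#v} ;;
        *)   echo UNKNOWN; return 0 ;;          # no tag to compare
    esac
    case $ver in
        [0-9]*.[0-9]*.[0-9]*) ;;
        *) echo UNKNOWN; return 0 ;;            # e.g. "latest" or a custom tag
    esac
    major=${ver%%.*}; rest=${ver#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    patch=${patch%%[!0-9]*}                     # strip suffixes such as "-beta.0"
    case "$major$minor" in *[!0-9]*) echo UNKNOWN; return 0 ;; esac
    if [ -z "$patch" ]; then echo UNKNOWN; return 0; fi
    if [ "$major" -gt 1 ]; then echo FIXED
    elif [ "$major" -eq 1 ] && [ "$minor" -gt 12 ]; then echo FIXED
    elif [ "$major" -eq 1 ] && [ "$minor" -eq 12 ]; then
        if [ "$patch" -ge 1 ]; then echo FIXED; else echo AFFECTED; fi
    elif [ "$major" -eq 1 ] && [ "$minor" -eq 11 ]; then
        if [ "$patch" -ge 5 ]; then echo FIXED; else echo AFFECTED; fi
    else echo AFFECTED                          # anything older than 1.11
    fi
}

# audit_images: reads "NAMESPACE/POD IMAGE" lines on stdin, prints one verdict
# per line, and returns non-zero if any image is AFFECTED. Live input could be:
#   kubectl get pods -A -l app.kubernetes.io/name=ingress-nginx -o jsonpath='{range .items[*]}{.metadata.namespace}/{.metadata.name} {.spec.containers[0].image}{"\n"}{end}'
audit_images() {
    affected=0
    while read -r pod image rest; do
        if [ -z "$image" ]; then continue; fi
        status=$(classify_image "$image")
        printf '%-8s %s %s\n' "$status" "$pod" "$image"
        if [ "$status" = AFFECTED ]; then affected=$((affected + 1)); fi
    done
    [ "$affected" -eq 0 ]
}

# Constructed sample input, not taken from a real cluster.
audit_images <<'EOF' || echo "upgrade needed: $affected controller pod(s)"
ingress-nginx/controller-a registry.k8s.io/ingress-nginx/controller:v1.11.4@sha256:0000
ingress-nginx/controller-b registry.k8s.io/ingress-nginx/controller:v1.12.1
EOF
```

Images reported as UNKNOWN (digest-only references, `latest`, custom tags) need a manual version check.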