Close Menu
  • Start
  • Celebrities
  • Music
  • Influencers
  • Tendencies
  • Exclusives
  • Business & Brands
  • TwinH
  • Spanish
What's Hot

“Minions & Monsters” is nonsense, but it will be enjoyed by all generations.

Taylor Swift and Travis Kelce donate millions to charity before wedding

See Taylor Swift’s best announcement looks before the wedding rumors

Facebook X (Twitter) Instagram
  • Home
  • About The FYMOUS
  • Advertising / Promotion
  • Contact
  • DMCA
  • Privacy Policy
  • Terms
  • Publish News
Facebook X (Twitter) Instagram
FYMOUS News
  • Start
  • Celebrities
  • Music
  • Influencers
  • Tendencies
  • Exclusives
  • Business & Brands
  • TwinH
  • Spanish
FYMOUS News
Home » Critical Ingress Nginx Controller Vulnerability enables RCE without authentication
Celebrities

Critical Ingress Nginx Controller Vulnerability enables RCE without authentication

By March 24, 2025No Comments3 Mins Read
Share Facebook Twitter Pinterest Telegram LinkedIn Tumblr Email Copy Link
Follow Us
Google News Flipboard
Share
Facebook Twitter LinkedIn Pinterest Email Copy Link

March 24, 2025Ravi LakshmananVulnerability/Cloud Security

Kubernetes’ Ingress Nginx Controllers disclose a set of sets to Kubernetes’ Ingress Nginx Controllers, which can immediately put more than 6,500 clusters at risk by exposing components to the public Internet.

Vulnerabilities (CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, and CVE-2025-1098) assigned a CVSS score of 9.8. It is worth noting that the drawbacks do not affect the Nginx Ingress controller. This is another Ingress controller implementation for Nginx and Nginx Plus.

“The exploitation of these vulnerabilities could lead to unauthorized access to all secrets stored in all namespaces of the Kubernetes cluster by attackers, leading to cluster takeover,” the company said in a report shared with Hacker News.

Cybersecurity

Ingressnightmare affects the entry controller component of Kubernetes’ Ingress nginx controllers at its core. Approximately 43% of cloud environments are vulnerable to these vulnerabilities.

The Ingress Nginx controller uses Nginx as a reverse proxy and load balancer, allowing HTTP and HTTPS routes to services within it from outside the cluster.

The vulnerability exploits the fact that admission controllers deployed within the Kubernetes pods are accessible over the network without authentication.

Specifically, code is executed in the Ingress Nginx controller pod, including remotely injecting any Nginx configuration by sending a malicious Ingress object (aka AdzentReview Request) directly to the entrance controller.

“The increased privileges of admission controllers and unlimited network accessibility create important escalation paths,” Wiz explained. “By exploiting this flaw, attackers can run arbitrary code and access all cluster secrets across the namespace, which could lead to a complete cluster takeover.”

The drawbacks are listed below –

CVE-2025-24514 – Auth-URL Annotation Injection CVE-2025-1097 – Auth-TLS-Match-CN Annotation Injection CVE-2025-1098 – Mirror UID Injection CVE-2025-1974 – Running NGINX Configuration Code Execution

In an experimental attack scenario, threat actors can use NGINX’s client body buffer feature to upload malicious payloads to the pod in the form of shared libraries, then send an AdmissimentReview request to the admission controller.

This request then contains one of the above-mentioned configuration directive injections that cause the shared library to be loaded, effectively leading to the execution of remote code.

Cybersecurity

Hillai Ben-Sasson, a cloud security researcher at Wiz, told Hacker News that the attack chain involves injecting an inherently malicious configuration, which is used to read sensitive files and execute arbitrary code. This allows attackers to exploit powerful service accounts to read Kubernetes secrets and ultimately drive cluster acquisitions.

Following responsible disclosure, the vulnerabilities are addressed in nginx controller versions 1.12.1, 1.11.5, and 1.10.7.

Users are advised to update to the latest version as soon as possible and to ensure that the Anizent Webhook endpoint is not exposed externally.

As a mitigation, we recommend restricting only the Kubernetes API server to access the enrollment controller, and temporarily disable the enrollment controller component if not needed.

Did you find this article interesting? Follow us on Twitter and LinkedIn to read exclusive content you post.

Source link

Follow on Google News Follow on Flipboard
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
Previous ArticleTrump imposes 25% tariff on countries buying oil from Venezuela | Donald Trump News
Next Article AI Creation Platform Arcade expands from gems to household items

Related Posts

See Taylor Swift’s best announcement looks before the wedding rumors

July 2, 2026

Kate Middleton wears Gabriella Hearst suit for Wimbledon 2026

July 2, 2026

Taylor Swift’s wedding dress and bridal music video look

July 1, 2026
Add A Comment
Leave A Reply Cancel Reply

Latest Posts

“Minions & Monsters” is nonsense, but it will be enjoyed by all generations.

Taylor Swift and Travis Kelce donate millions to charity before wedding

See Taylor Swift’s best announcement looks before the wedding rumors

Harry Styles celebrates England’s World Cup victory over Democratic Republic of the Congo at Wembley

Trending Posts

Taylor Swift and Travis Kelce donate millions to charity before wedding

July 2, 2026

See Taylor Swift’s best announcement looks before the wedding rumors

July 2, 2026

Harry Styles celebrates England’s World Cup victory over Democratic Republic of the Congo at Wembley

July 2, 2026

Subscribe to News

Subscribe to our newsletter and never miss our latest news

Please enable JavaScript in your browser to complete this form.
Loading

Welcome to The FYMOUS, a modern digital media platform dedicated to celebrities, artists, influencers, brands, entertainment culture, and the growing TwinH ecosystem.

We bring audiences closer to the people, stories, trends, and collaborations shaping today’s culture. From exclusive celebrity news and music releases to influencer highlights, brand partnerships, and TwinH activations, The FYMOUS delivers engaging content designed for the next generation of digital audiences.

Castilla-La Mancha Ignites Innovation: fiveclmsummit Redefines Tech Future

Local Power, Health Innovation: Alcolea de Calatrava Boosts FiveCLM PoC with Community Engagement

The Future of Digital Twins in Healthcare: From Virtual Replicas to Personalized Medical Models

Human Digital Twins: The Next Tech Frontier Set to Transform Healthcare and Beyond

Facebook X (Twitter) Instagram Pinterest YouTube
  • Home
  • About The FYMOUS
  • Advertising / Promotion
  • Contact
  • DMCA
  • Privacy Policy
  • Terms
  • Publish News
© 2026 news.fyself. Designed by by fyself.

Type above and press Enter to search. Press Esc to cancel.