Ingress NGINX Controller pod is vulnerable to critical remote code execution vulnerability (IngressNightmare)

Set up the kubernetes integration.


Description

This check assesses Kubernetes clusters for vulnerabilities associated with the Ingress NGINX Controller, collectively known as “IngressNightmare.” These critical vulnerabilities, including CVE-2025-1974, CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, and CVE-2025-1098, can allow unauthenticated remote code execution (RCE) and unauthorized access to sensitive data within the cluster. Exploitation of these vulnerabilities could lead to a complete cluster takeover.

Remediation

To mitigate the risks associated with the IngressNightmare vulnerabilities:

  1. Update the Ingress NGINX Controller:
    Upgrade to the latest patched versions—1.12.1, 1.11.5, or 1.10.7—which address these vulnerabilities.

  2. Restrict Access to the Admission Controller:
    Ensure that the admission webhook endpoint is not exposed externally. Limit access to only the Kubernetes API server to prevent unauthorized ingress object submissions.

  3. Monitor and Detect Exploitation Attempts:
    Implement monitoring solutions to detect unusual activities, such as loading shared libraries from the /proc filesystem within the NGINX Ingress container, which may indicate exploitation attempts.
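As an added example (not part of this rule page, and not code from the ingress-nginx project or the Kubernetes blog), the following Python script turns remediation steps 1 and 2 into a check you can run against saved `kubectl get pods -A -o json` and `kubectl get svc -A -o json` output. It assumes the controller image is published under the upstream names `ingress-nginx/controller` and `ingress-nginx/controller-chroot`, and that the admission webhook Service name ends in `controller-admission` as in the upstream manifests; the sample cluster data at the bottom is constructed, not captured from a real cluster.

```python
"""Audit ingress-nginx controllers for the IngressNightmare remediation steps.

Step 1: compare each controller image tag with the patched releases named on
the page (1.12.1, 1.11.5, 1.10.7).  Step 2: flag admission-webhook Services
whose type would make the endpoint reachable from outside the cluster.
"""
import re
from typing import Dict, List, Optional, Tuple

# Patch level at which each minor line was fixed, as listed in the remediation.
PATCHED_PATCH: Dict[Tuple[int, int], int] = {(1, 12): 1, (1, 11): 5, (1, 10): 7}

# Assumption: controller images use the upstream repository names
# registry.k8s.io/ingress-nginx/controller[-chroot]:vX.Y.Z[@sha256:...].
IMAGE_RE = re.compile(r"ingress-nginx/controller(?:-chroot)?:v?(\d+)\.(\d+)\.(\d+)")


def parse_controller_version(image: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) for a controller image, or None if it is not one."""
    match = IMAGE_RE.search(image)
    if match is None:
        return None
    major, minor, patch = (int(part) for part in match.groups())
    return (major, minor, patch)


def is_vulnerable(version: Tuple[int, int, int]) -> bool:
    """True when the version predates the fix on its minor line.

    Minor lines older than 1.10 received no patch on the page's list, so they
    are treated as vulnerable; lines newer than 1.12 are assumed to postdate the fix.
    """
    major, minor, patch = version
    if major != 1:
        return major < 1
    fixed_patch = PATCHED_PATCH.get((major, minor))
    if fixed_patch is None:
        return minor < 10
    return patch < fixed_patch


def audit_controller_pods(pods: dict) -> List[dict]:
    """Walk `kubectl get pods -A -o json` output and classify each controller container."""
    findings = []
    for pod in pods.get("items", []):
        meta = pod["metadata"]
        for container in pod.get("spec", {}).get("containers", []):
            version = parse_controller_version(container.get("image", ""))
            if version is None:
                continue  # not an ingress-nginx controller container
            findings.append({
                "namespace": meta["namespace"],
                "pod": meta["name"],
                "version": "%d.%d.%d" % version,
                "vulnerable": is_vulnerable(version),
            })
    return findings


def exposed_admission_services(services: dict) -> List[str]:
    """Return "namespace/name" of admission-webhook Services that are not ClusterIP.

    Assumption: the webhook Service name ends with "controller-admission".  A
    NodePort or LoadBalancer type contradicts remediation step 2, which wants the
    webhook reachable only from the Kubernetes API server.
    """
    exposed = []
    for svc in services.get("items", []):
        meta = svc["metadata"]
        if not meta["name"].endswith("controller-admission"):
            continue
        if svc.get("spec", {}).get("type", "ClusterIP") != "ClusterIP":
            exposed.append("%s/%s" % (meta["namespace"], meta["name"]))
    return exposed


# Constructed sample data shaped like kubectl's JSON output (not from a real cluster).
SAMPLE_PODS = {"items": [
    {"metadata": {"namespace": "ingress-nginx", "name": "ingress-nginx-controller-a"},
     "spec": {"containers": [{"image": "registry.k8s.io/ingress-nginx/controller:v1.11.4"}]}},
    {"metadata": {"namespace": "ingress-nginx", "name": "ingress-nginx-controller-b"},
     "spec": {"containers": [{"image": "registry.k8s.io/ingress-nginx/controller-chroot:v1.12.1@sha256:0000"}]}},
    {"metadata": {"namespace": "kube-system", "name": "coredns-x"},
     "spec": {"containers": [{"image": "registry.k8s.io/coredns/coredns:v1.11.1"}]}},
]}
SAMPLE_SERVICES = {"items": [
    {"metadata": {"namespace": "ingress-nginx", "name": "ingress-nginx-controller"},
     "spec": {"type": "LoadBalancer"}},
    {"metadata": {"namespace": "ingress-nginx", "name": "ingress-nginx-controller-admission"},
     "spec": {"type": "NodePort"}},
]}

if __name__ == "__main__":
    for finding in audit_controller_pods(SAMPLE_PODS):
        print(finding)
    print("exposed admission services:", exposed_admission_services(SAMPLE_SERVICES))
```

To use it on a real cluster, load the two JSON files with `json.load` and pass them to `audit_controller_pods` and `exposed_admission_services`; a `ClusterIP` admission Service is still only as restricted as the NetworkPolicy in front of it, so step 2 also deserves a policy that limits ingress to the API server.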

For detailed guidance on these vulnerabilities and their mitigation, refer to the Kubernetes Official Blog on CVE-2025-1974.