---
title: >-
  Ingress NGINX Controller pod is vulnerable to critical remote code execution
  vulnerability (IngressNightmare)
description: Datadog, the leading service for cloud-scale monitoring.
---

# Ingress NGINX Controller pod is vulnerable to critical remote code execution vulnerability (IngressNightmare)
 
## Description{% #description %}

This check assesses Kubernetes clusters for vulnerabilities associated with the Ingress NGINX Controller, collectively known as "IngressNightmare." These critical vulnerabilities, including CVE-2025-1974, CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, and CVE-2025-1098, can allow unauthenticated remote code execution (RCE) and unauthorized access to sensitive data within the cluster. Exploitation of these vulnerabilities could lead to a complete cluster takeover.

## Remediation{% #remediation %}

To mitigate the risks associated with the IngressNightmare vulnerabilities:

1. **Update the Ingress NGINX Controller**: Upgrade to the latest patched versions (1.12.1, 1.11.5, or 1.10.7), which address these vulnerabilities.

1. **Restrict Access to the Admission Controller**: Ensure that the admission webhook endpoint is not exposed externally. Limit access to the Kubernetes API server only, so that unauthorized ingress object submissions cannot reach the webhook.

1. **Monitor and Detect Exploitation Attempts**: Implement monitoring to detect unusual activity, such as shared libraries being loaded from the `/proc` filesystem within the NGINX Ingress container, which may indicate exploitation attempts.
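
The three remediation steps above can be checked from cluster inventory data. The script below is an added example, not Datadog's rule implementation or code from the ingress-nginx project. It evaluates constructed JSON shaped like the output of `kubectl get deploy,svc -A -o json` (the version floors 1.12.1, 1.11.5 and 1.10.7 come from the remediation text; treating release lines newer than 1.12 as fixed and lines older than 1.10 as unpatched is an assumption) and a few constructed process events whose field names (`container`, `event`, `path`) are likewise assumed rather than taken from any real agent.

```python
"""Inventory checks for the IngressNightmare remediation steps.

Added example, not Datadog's rule code. Input is constructed JSON shaped like
`kubectl get deploy,svc -A -o json` output plus constructed process events;
the event field names are an assumption.
"""
import json
import re

# Patched releases named in the remediation: 1.12.1, 1.11.5, 1.10.7.
PATCHED_FLOOR = {(1, 12): 1, (1, 11): 5, (1, 10): 7}
TAG_RE = re.compile(r":v?(\d+)\.(\d+)\.(\d+)")
# Service types that make the admission webhook reachable from outside the cluster.
EXTERNAL_SERVICE_TYPES = {"LoadBalancer", "NodePort"}


def parse_version(image):
    """Extract (major, minor, patch) from an image reference, or None."""
    m = TAG_RE.search(image)
    return tuple(int(x) for x in m.groups()) if m else None


def is_patched(version):
    """True when the controller version includes the IngressNightmare fixes."""
    major, minor, patch = version
    if (major, minor) in PATCHED_FLOOR:
        return patch >= PATCHED_FLOOR[(major, minor)]
    # Assumption: release lines newer than 1.12 carry the fix; lines older
    # than 1.10 have no patched release listed and are treated as vulnerable.
    return (major, minor) > (1, 12)


def assess(kube_json):
    """Return (object, message) findings for step 1 and step 2."""
    findings = []
    for item in json.loads(kube_json)["items"]:
        kind, meta = item["kind"], item["metadata"]
        ref = f'{kind}/{meta["namespace"]}/{meta["name"]}'
        if kind == "Deployment":
            for c in item["spec"]["template"]["spec"]["containers"]:
                if "ingress-nginx/controller" not in c["image"]:
                    continue
                version = parse_version(c["image"])
                if version is None or not is_patched(version):
                    findings.append((ref, f"unpatched controller image {c['image']}"))
        elif kind == "Service":
            # The webhook should be reachable only by the API server, so an
            # externally routable Service type is a finding.
            if "admission" in meta["name"] and item["spec"]["type"] in EXTERNAL_SERVICE_TYPES:
                findings.append((ref, f"admission webhook exposed via {item['spec']['type']}"))
    return findings


def detect_proc_library_loads(events):
    """Step 3: flag the controller container loading a shared library from /proc."""
    return [
        e for e in events
        if e.get("container") == "controller"          # ingress-nginx container name (assumed)
        and e.get("event") == "load_library"
        and e.get("path", "").startswith("/proc/")
    ]


# Constructed sample inventory: one unpatched controller with an exposed
# webhook, one patched controller with a ClusterIP webhook.
SAMPLE_KUBE_JSON = json.dumps({"items": [
    {"kind": "Deployment", "metadata": {"namespace": "ingress-nginx", "name": "ingress-nginx-controller"},
     "spec": {"template": {"spec": {"containers": [
         {"name": "controller", "image": "registry.k8s.io/ingress-nginx/controller:v1.11.4"}]}}}},
    {"kind": "Service", "metadata": {"namespace": "ingress-nginx", "name": "ingress-nginx-controller-admission"},
     "spec": {"type": "NodePort"}},
    {"kind": "Deployment", "metadata": {"namespace": "edge", "name": "ingress-nginx-controller"},
     "spec": {"template": {"spec": {"containers": [
         {"name": "controller", "image": "registry.k8s.io/ingress-nginx/controller:v1.12.1"}]}}}},
    {"kind": "Service", "metadata": {"namespace": "edge", "name": "ingress-nginx-controller-admission"},
     "spec": {"type": "ClusterIP"}},
]})

# Constructed process events: only the second one should alert.
SAMPLE_EVENTS = [
    {"container": "controller", "event": "load_library", "path": "/usr/lib/libssl.so.3"},
    {"container": "controller", "event": "load_library", "path": "/proc/self/fd/9"},
    {"container": "sidecar", "event": "load_library", "path": "/proc/self/fd/3"},
]

if __name__ == "__main__":
    for ref, msg in assess(SAMPLE_KUBE_JSON):
        print(f"FINDING {ref}: {msg}")
    for hit in detect_proc_library_loads(SAMPLE_EVENTS):
        print(f"ALERT controller loaded library from {hit['path']}")
```

Run against the constructed data it reports the 1.11.4 controller as unpatched, the NodePort admission Service as exposed, and the single `/proc` library load; to use it on a real cluster, feed it the output of the `kubectl` command named above and adapt the event fields to whatever process monitoring you run.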

For detailed guidance on these vulnerabilities and their mitigation, refer to the [Kubernetes Official Blog on CVE-2025-1974](https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974/).
