CVE-2025-1974: ingress-nginx admission controller RCE escalation
CVSS Score: 9.8 (CVSS v3.1)
Basic Information
CVE ID: CVE-2025-1974
GHSA ID:
EPSS Score: 0.9939%
CWE: CWE-653
Published: 3/25/2025
Updated: 3/25/2025
KEV Status: No
Technology: Go
Technical Details
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name | Ecosystem | Vulnerable Versions | First Patched Version
---|---|---|---
k8s.io/ingress-nginx | go | |
k8s.io/ingress-nginx | go | |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from improper isolation in admission controller validation (CWE-653): the validating admission webhook checks an incoming Ingress by rendering it into an NGINX configuration, so untrusted Ingress content reaches the configuration generator, and the webhook endpoint is reachable over the network without authentication (the vector is AV:N/PR:N). The patch notes mention disabling NGINX configuration validation during admission control, which indicates that the Ingress validation routine (ValidateIngress) performed the insecure validation, while the admission controller's webhook setup (createApiserverConfig) likely exposed the vulnerable endpoint. These functions directly handle untrusted input and the network exposure, which aligns with the RCE vector described. Where an upgrade to a patched release is not immediately possible, turning off the validating admission webhook removes the exposed path at the cost of losing pre-admission checks of Ingress objects.
Vulnerable functions

ValidateIngress (internal/ingress/controller/controller.go)
The function responsible for validating Ingress resources likely lacked proper input sanitization, allowing a malicious Ingress to trigger arbitrary code execution through NGINX template generation.

createApiserverConfig (internal/ingress/admission/controller.go)
The admission controller setup potentially exposed an unauthenticated endpoint that processed untrusted input without proper validation.
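The analysis above describes untrusted Ingress content flowing into NGINX configuration generation during admission. The Go program below is an added example, not code from ingress-nginx or from this page: it models that flow with a toy location template and shows why rendering an annotation value verbatim lets a value carrying `;` and line breaks introduce a directive of its own, alongside an input-side check that rejects such a value before anything is rendered. The template text, the `Location` struct, the annotation name and every function name are assumptions made for illustration, and the two sample Ingress rules are constructed.

```go
package main

import (
	"fmt"
	"strings"
	"text/template"
)

// Toy stand-in for the per-location NGINX template that the admission path
// renders from an Ingress before checking the result (an assumption for this
// example; the real ingress-nginx template is far larger). text/template does
// no escaping, so annotation-derived values land in nginx.conf verbatim.
const locationTmpl = `location {{.Path}} {
    auth_url {{.AuthURL}};
    proxy_pass http://{{.Upstream}};
}
`

// Location holds the fields a renderer would take from an Ingress rule and
// its annotations (field names are assumptions for this example).
type Location struct {
	Path     string // from spec.rules[].http.paths[].path
	AuthURL  string // from an annotation, fully under the Ingress author's control
	Upstream string // from the backend Service
}

// Render produces the NGINX location block for loc exactly as the template
// dictates, with no validation of the annotation-derived fields.
func Render(loc Location) (string, error) {
	t, err := template.New("location").Parse(locationTmpl)
	if err != nil {
		return "", err
	}
	var sb strings.Builder
	if err := t.Execute(&sb, loc); err != nil {
		return "", err
	}
	return sb.String(), nil
}

// DirectiveNames returns the first token of every non-empty line, which is
// what an NGINX configuration parser treats as the directive name.
func DirectiveNames(conf string) []string {
	var names []string
	for _, line := range strings.Split(conf, "\n") {
		f := strings.Fields(line)
		if len(f) == 0 {
			continue
		}
		names = append(names, strings.TrimSuffix(f[0], ";"))
	}
	return names
}

// CheckAnnotationValue rejects any value able to terminate the enclosing
// directive or open a new block: ';', '{', '}', '#', '\' and line breaks.
// Rejecting before rendering means the configuration checker never sees it.
func CheckAnnotationValue(name, value string) error {
	if strings.ContainsAny(value, ";{}#\\\r\n") {
		return fmt.Errorf("annotation %s: value %q contains NGINX configuration metacharacters", name, value)
	}
	return nil
}

// AdmitLocation is the hardened path: validate annotation-derived fields
// first, and only then render.
func AdmitLocation(loc Location) (string, error) {
	if err := CheckAnnotationValue("auth-url", loc.AuthURL); err != nil {
		return "", err
	}
	return Render(loc)
}

// BenignLocation is a constructed sample of an ordinary Ingress rule.
func BenignLocation() Location {
	return Location{Path: "/api", AuthURL: "http://auth.default.svc/check", Upstream: "api-backend"}
}

// MaliciousLocation is a constructed sample whose annotation value closes the
// auth_url directive and adds a directive of its own. The injected 'return'
// directive is a harmless stand-in for whatever an attacker would add.
func MaliciousLocation() Location {
	return Location{
		Path:     "/api",
		AuthURL:  "http://auth.default.svc/check;\n    return 200 \"injected\";\n    auth_url http://auth.default.svc/check",
		Upstream: "api-backend",
	}
}

func main() {
	conf, _ := Render(MaliciousLocation())
	fmt.Println("rendered without validation:")
	fmt.Print(conf)
	fmt.Println("directives seen by the parser:", DirectiveNames(conf))
	if _, err := AdmitLocation(MaliciousLocation()); err != nil {
		fmt.Println("hardened path rejected it:", err)
	}
}
```

Running the program prints the rendered block with `return` appearing as a directive between the two `auth_url` lines, then the rejection from the hardened path. The project's own fix, per the patch notes the analysis cites, was to stop validating the generated NGINX configuration during admission; the check shown here is the complementary input-side control, and a real deployment needs both plus the upgrade.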