CVE-2025-1974: ingress-nginx admission controller RCE escalation
CVSS Score: 9.8 (CVSS v3.1)
Basic Information
CVE ID: CVE-2025-1974
GHSA ID:
EPSS Score: 0.99438%
CWE: CWE-653
Published: 3/25/2025
Updated: 3/25/2025
KEV Status: No
Technology: Go
Technical Details
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| k8s.io/ingress-nginx | go | | |
| k8s.io/ingress-nginx | go | | |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from improper isolation in admission controller validation (CWE-653). The patch notes mention disabling NGINX configuration validation during admission control, which indicates that ValidateIngress was involved in the insecure validation path. The admission controller's webhook setup (createApiserverConfig) likely exposed the vulnerable endpoints. Both functions directly handle validation of untrusted input and network exposure, which aligns with the RCE vector described.
Vulnerable functions

- ValidateIngress (internal/ingress/controller/controller.go): the function responsible for validating Ingress resources likely lacked proper input sanitization, allowing malicious configurations to trigger arbitrary code execution through NGINX template generation.
- createApiserverConfig (internal/ingress/admission/controller.go): the admission controller setup potentially exposed unauthenticated endpoints that processed untrusted input without proper validation.