4.8

CVSS Score

Basic Information

CVE ID

CVE-2025-24513

GHSA ID

GHSA-242m-6h72-7hgp

EPSS Score

CWE

CWE-20

Published

3/25/2025

Updated

3/25/2025

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-24513

CVE-2025-24513:
ingress-nginx controller - auth secret file path traversal vulnerability

A security issue was discovered in ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities, limited disclosure of Secret objects from the cluster.

(GitHub Advisory)

4.8

CVSS Score

Basic Information

CVE ID

CVE-2025-24513

GHSA ID

GHSA-242m-6h72-7hgp

EPSS Score

CWE

CWE-20

Published

3/25/2025

Updated

3/25/2025

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
k8s.io/ingress-nginx	go
k8s.io/ingress-nginx	go

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper path handling in the Admission Controller's secret management. The functions responsible for creating auth secret files and validating secret references would be the primary points where user-controlled input (secret names) are incorporated into file paths without adequate sanitization. The CWE-20 and CWE-22 mapping directly indicates missing input validation for path construction. The pattern matches common path traversal vulnerabilities where user-supplied data is used in file operations without sanitization.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* s**urity issu* w*s *is*ov*r** in [in*r*ss-n*inx](*ttps://*it*u*.*om/ku**rn*t*s/in*r*ss-n*inx) w**r* *tt**k*r-provi*** **t* *r* in*lu*** in * *il*n*m* *y t** in*r*ss-n*inx **mission *ontroll*r ***tur*, r*sultin* in *ir**tory tr*v*rs*l wit*in t** *on

Reasoning

T** vuln*r**ility st*ms *rom improp*r p*t* **n*lin* in t** **mission *ontroll*r's s**r*t m*n***m*nt. T** *un*tions r*sponsi*l* *or *r**tin* *ut* s**r*t *il*s *n* v*li**tin* s**r*t r***r*n**s woul* ** t** prim*ry points w**r* us*r-*ontroll** input (s*

4.8

Basic Information

Concerned about an active attack path?

CVE-2025-24513: ingress-nginx controller - auth secret file path traversal vulnerability

4.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2025-24513:
ingress-nginx controller - auth secret file path traversal vulnerability

Vulnerability Intelligence
Miggo AI