A critical vulnerability in Kubernetes' ingress-nginx controller, identified as CVE-2025-1974, has been actively exploited, posing a significant threat to cloud-native environments. With a CVSS score of 9.8, this flaw allows unauthenticated attackers with access to the pod network to execute arbitrary code within the ingress-nginx controller's context. This could potentially lead to the exposure of sensitive data, including Kubernetes Secrets accessible to the controller.
The vulnerability, published on March 24, 2025, is classified under CWE-653, indicating a failure to properly isolate resources, which can lead to unauthorized access. The exploitability of this flaw is underscored by its high Exploit Prediction Scoring System (EPSS) rating of 0.903, suggesting a strong likelihood of exploitation in real-world scenarios. Furthermore, the availability of 26 proof-of-concept (PoC) exploits highlights the urgency for organizations to address this issue promptly.
The ingress-nginx controller is a widely used component in Kubernetes environments, responsible for managing external access to services within a cluster. The flaw's potential impact is exacerbated by the controller's role in handling traffic, making it a prime target for attackers seeking to infiltrate Kubernetes deployments.
Security experts have emphasized the critical nature of this vulnerability, urging immediate action to mitigate potential risks. The Security Severity Vulnerability Classification (SSVC) for this flaw is marked as 'attend,' indicating that organizations should prioritize patching to prevent exploitation. The timeline to exploit (TTE) is recorded as -1.0 days, reflecting the fact that exploitation was observed before the vulnerability's public disclosure.
Organizations using Kubernetes with the ingress-nginx controller are advised to apply the latest patches without delay. The urgency is compounded by the fact that attackers can leverage this vulnerability to gain unauthorized access and potentially compromise entire Kubernetes clusters.
In light of this threat, defenders should review their ingress-nginx configurations and ensure that network access controls are robustly enforced. Monitoring for unusual activity within Kubernetes environments can also help in early detection of potential exploitation attempts. As the Kubernetes community works to address this critical flaw, swift action by administrators is essential to safeguard cloud-native applications from this significant security risk.
CSURFACE