Critical security vulnerabilities have been discovered in Ingress-NGINX Controller for Kubernetes. CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974—collectively known as ‘IngressNightmare’—allow attackers to gain unauthorized access to secrets across all namespaces, resulting in unauthenticated remote code execution and ultimately leading to complete takeover of the Kubernetes cluster. Understanding the Ingress NGINX Controller The Ingress-NGINX Controller (not to […]
The post Ingress NGINX Remote Code Execution Vulnerabilities Discovered – Patch Now! appeared first on SecPod Blog.