KEVIntel

Vulnerability detail

Enriched intelligence for a single CVE

Back to KEVs

9.8

CVSS
Critical

CVE-2025-1974

PUBLISHED

ingress-nginx admission controller RCE escalation

PoC available Remote Low complexity No user interaction

Vendor: kubernetes
Product: ingress-nginx
Published: Mar 24, 2025
EPSS: —

Description

A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)

nuclei_scanner

CVSS scores

CVSS v3.1 9.8 Critical

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation status

Proof of concept available

Recorded 2025-03-28 16:57:02 UTC · Source

SSVC decision points

Exploitation: poc
Automatable: Yes
Technical impact: total

References

https://https://github.com/kubernetes/kubernetes/issues/131009

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
The Shadowserver (via CIRCL)	Jun 20, 2025

Scanner integrations

Scanner	Reference	Detected
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-1974.yaml	Apr 25, 2025

Potential proof of concepts

These PoCs are unverified and could contain malware. Use at your own risk.

salt318/CVE-2025-1974

github · Created 2025-04-27 05:07:01 UTC · 0 stars

WHS3기 가상화 취약한(CVE) Docker 환경 구성 과제

chhhd/CVE-2025-1974

github · Created 2025-04-26 02:30:49 UTC · 1 stars

Rubby2001/CVE-2025-1974-go

github · Created 2025-04-10 07:25:03 UTC · 0 stars

Exploit CVE-2025-1974 with a single file.

zulloper/CVE-2025-1974

github · Created 2025-03-31 08:31:03 UTC · 0 stars

CVE-2025-1974 PoC 코드

rjhaikal/POC-IngressNightmare-CVE-2025-1974

github · Created 2025-03-28 16:57:02 UTC · 0 stars

POC IngressNightmare (CVE-2025-1974), modified from https://github.com/yoshino-s/CVE-2025-1974

0xBingo/CVE-2025-1974

github · Created 2025-03-27 03:28:01 UTC · 0 stars

A minimal test tool to help detect annotation injection vulnerabilities in Kubernetes NGINX Ingress controllers. This script sends a crafted AdmissionReview request to simulate a potential exploit path from CVE-2025-1974 and checks for signs of misinterpreted annotations in controller logs.

hi-unc1e/CVE-2025-1974-poc

github · Created 2025-03-26 16:54:37 UTC · 4 stars

PoC of CVE-2025-1974, modified from the world-first PoC~

zwxxb/CVE-2025-1974

github · Created 2025-03-26 14:49:29 UTC · 3 stars

Poc for Ingress RCE

Esonhugh/ingressNightmare-CVE-2025-1974-exps

github · Created 2025-03-26 06:43:36 UTC · 72 stars

IngressNightmare POC. world first remote exploitation and with multi-advanced exploitation methods. allow on disk exploitation. CVE-2025-24514 - auth-url injection, CVE-2025-1097 - auth-tls-match-cn injection, CVE-2025-1098 – mirror UID injection -- all available.

yanmarques/CVE-2025-1974

github · Created 2025-03-25 18:49:23 UTC · 0 stars

yoshino-s/CVE-2025-1974

github · Created 2025-03-25 13:23:01 UTC · 46 stars

Timeline

CVE ID Reserved

March 04, 2025
CVE Published to Public

March 24, 2025
Proof of Concept Exploit Available

March 28, 2025
Detected by Nuclei

April 25, 2025
Added to KEVIntel

June 20, 2025