IngressNightmare, a series of vulnerabilities in the Ingress NGINX Controller for Kubernetes, has raised concerns within the cybersecurity community. The Tenable Security Response Team (SRT) has compiled a list of frequently asked questions (FAQ) to address the issues surrounding IngressNightmare.
The vulnerabilities associated with IngressNightmare are critical and have been assigned CVEs as follows:
– CVE-2025-1097: Ingress NGINX Controller Configuration Injection via Unsanitized auth-tls-match-cn annotation
– CVE-2025-1098: Ingress NGINX Controller Configuration Injection via Unsanitized Mirror Annotations
– CVE-2025-1974: Ingress NGINX Admission Controller Remote Code Execution
– CVE-2025-24513: Ingress NGINX Controller Auth Secret File Path Traversal Vulnerability
– CVE-2025-24514: Ingress NGINX Controller Configuration Injection via Unsanitized auth-url Annotation
These vulnerabilities were publicly disclosed on March 24, sparking concern within the cybersecurity community. News outlets such as The Hacker News reported on the vulnerabilities, highlighting the risks associated with IngressNightmare. The severity of these vulnerabilities ranges from high to critical, with the most severe flaw (CVE-2025-1974) allowing unauthenticated remote attackers to access the admission controller, a component with privileged access within a Kubernetes cluster.
The combination of these vulnerabilities can create a toxic chain that, if exploited, could grant attackers access to cluster secrets and potentially lead to a cluster takeover. However, it is worth noting that these vulnerabilities were reported to Kubernetes through coordinated disclosure and were not exploited as zero-days.
As of March 24, there are no public proof-of-concept exploits available for these vulnerabilities. However, the Kubernetes team has released fixed versions of the Ingress NGINX Controller to address the issues. Users are encouraged to update to a fixed version (1.12.1 for version 1.12.0, and 1.11.5 for versions 1.11.4 and below) to mitigate the risks associated with IngressNightmare.
It is important to differentiate between the Ingress NGINX Controller and the NGINX Ingress Controller, as the former is affected by IngressNightmare while the latter is not. Tenable is actively working on providing plugins for these vulnerabilities, which will be available on the individual CVE pages as they are released.
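The two points above, the fixed versions and the difference between the two similarly named products, can be checked against the image names running in a cluster. The following is an added example, not code from Tenable or the Kubernetes project; the function names, the repository-path suffixes used to tell the products apart, and the sample image list are assumptions constructed for illustration.

```python
import re

# Fixed releases as stated on this page.
FIXED_1_11 = (1, 11, 5)  # fix for 1.11.4 and below
FIXED_1_12 = (1, 12, 1)  # fix for 1.12.0

# Assumption: images are pulled under their upstream repository paths;
# a private mirror that renames the image needs its own suffix here.
COMMUNITY_SUFFIX = "ingress-nginx/controller"  # Ingress NGINX Controller
OTHER_SUFFIX = "nginx/nginx-ingress"           # NGINX Ingress Controller

TAG_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def split_image(ref):
    """Return (repository, tag) for an image reference, ignoring any digest."""
    ref = ref.split("@", 1)[0]
    if ":" in ref.rsplit("/", 1)[-1]:  # a colon before the last "/" is a registry port
        repo, tag = ref.rsplit(":", 1)
        return repo, tag
    return ref, None


def classify(ref):
    """Classify one container image reference against the fixed versions."""
    repo, tag = split_image(ref)
    if repo.endswith(OTHER_SUFFIX):
        return "not-affected: NGINX Ingress Controller"
    if not repo.endswith(COMMUNITY_SUFFIX):
        return "not-applicable"
    m = TAG_RE.match(tag or "")
    if not m:
        return "unknown: no parseable version tag"
    # Assumption: a pre-release tag such as v1.12.0-beta.0 is treated as 1.12.0.
    ver = tuple(int(x) for x in m.groups())
    if ver < FIXED_1_11:
        return "affected: upgrade to 1.11.5"
    if (1, 12, 0) <= ver < FIXED_1_12:
        return "affected: upgrade to 1.12.1"
    return "fixed"


if __name__ == "__main__":
    # Constructed sample input, e.g. image names collected from pod specs.
    samples = ["registry.k8s.io/ingress-nginx/controller:v1.12.0",
               "registry.k8s.io/ingress-nginx/controller:v1.11.5",
               "nginx/nginx-ingress:4.0.1"]
    for image in samples:
        print(f"{image}: {classify(image)}")
```

An image referenced only by digest or by a non-version tag is reported as unknown and needs a manual version check.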
In conclusion, the discovery of IngressNightmare has raised awareness about the potential risks associated with vulnerabilities in the Ingress NGINX Controller for Kubernetes. By following mitigation steps and staying informed about updates from the Kubernetes team, users can help protect their clusters from potential attacks.