
Ingress NGINX Critical Vulnerability - 20250325001

Overview

Five security vulnerabilities have been disclosed in the Ingress NGINX Controller for Kubernetes, potentially allowing unauthenticated remote code execution (RCE).

What is vulnerable?

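| Product(s) Affected | Version(s) | CVE | CVSS | Severity |
| --- | --- | --- | --- | --- |
| Kubernetes ingress-nginx | Vendor listed affected versions | CVE-2025-1974 | 9.8 | Critical |
| Kubernetes ingress-nginx | Vendor listed affected versions | CVE-2025-1098 | 8.8 | High |
| Kubernetes ingress-nginx | Vendor listed affected versions | CVE-2025-1097 | 8.8 | High |
| Kubernetes ingress-nginx | Vendor listed affected versions | CVE-2025-24514 | 8.8 | High |
| Kubernetes ingress-nginx | Vendor listed affected versions | CVE-2025-24513 | 4.8 | Medium |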

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframes (refer to Patch Management):

Additional References