Ingress NGINX Critical Vulnerability - 20250325001
Overview
Five security vulnerabilities have been disclosed in the Ingress NGINX Controller for Kubernetes, potentially allowing unauthenticated remote code execution (RCE).
What is vulnerable?
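Product(s) Affected | Version(s) | CVE | CVSS | Severity |
---|---|---|---|---|
Kubernetes ingress-nginx | Vendor listed affected versions | CVE-2025-1974 | 9.8 | Critical |
Kubernetes ingress-nginx | Vendor listed affected versions | CVE-2025-1098 | 8.8 | High |
Kubernetes ingress-nginx | Vendor listed affected versions | CVE-2025-1097 | 8.8 | High |
Kubernetes ingress-nginx | Vendor listed affected versions | CVE-2025-24514 | 8.8 | High |
Kubernetes ingress-nginx | Vendor listed affected versions | CVE-2025-24513 | 4.8 | Medium |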
Recommendation
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframes (refer to Patch Management):