Ingress NGINX Critical Vulnerability - 20250325001¶

Overview¶

Five security vulnerabilities have been disclosed in the Ingress NGNIX Controller for Kubernetes, potentially allowing unauthenticated remote code execution (RCE).

What is vulnerable?¶

Product(s) Affected	Version(s)	CVE	CVSS	Severity
Kubernetes ingress-nginx	Vendor listed affected versions	CVE-2025-1974 CVE-2025-1098 CVE-2025-1097 CVE-2025-24514 CVE-2025-24513	9.8 8.8 8.8 8.8 4.8	Critical High High High Medium

Recommendation¶

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframes (refer Patch Management):

NGNIX: https://github.com/kubernetes/ingress-nginx

Additional References¶

The Hacker News: https://thehackernews.com/2025/03/critical-ingress-nginx-controller.html