{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-1974", "assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565", "state": "PUBLISHED", "assignerShortName": "kubernetes", "dateReserved": "2025-03-04T21:34:07.543Z", "datePublished": "2025-03-24T23:28:48.985Z", "dateUpdated": "2025-03-27T03:55:19.309Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["Validating Admission Controller"], "product": "ingress-nginx", "repo": "https://github.com/kubernetes/ingress-nginx", "vendor": "kubernetes", "versions": [{"lessThanOrEqual": "1.11.4", "status": "affected", "version": "0", "versionType": "semver"}, {"status": "affected", "version": "1.12.0"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Nir Ohfeld"}, {"lang": "en", "type": "finder", "value": "Ronen Shustin"}, {"lang": "en", "type": "finder", "value": "Sagi Tzadik"}, {"lang": "en", "type": "finder", "value": "Hillai Ben Sasson"}], "datePublic": "2025-03-24T19:36:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)"}], "value": "A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)"}], "impacts": [{"capecId": "CAPEC-251", "descriptions": [{"lang": "en", "value": "CAPEC-251 Local Code Inclusion"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-653", "description": "CWE-653 Improper Isolation or Compartmentalization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a6081bf6-c852-4425-ad4f-a67919267565", "shortName": "kubernetes", "dateUpdated": "2025-03-24T23:28:48.985Z"}, "references": [{"url": "https://https://github.com/kubernetes/kubernetes/issues/131009"}], "source": {"discovery": "EXTERNAL"}, "title": "ingress-nginx admission controller RCE escalation", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Before applying the patch, this issue can be mitigated by disabling the Validating Admission Controller functionality of ingress-nginx."}], "value": "Before applying the patch, this issue can be mitigated by disabling the Validating Admission Controller functionality of ingress-nginx."}], "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-26T00:00:00+00:00", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2025-1974"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-27T03:55:19.309Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1974", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-03-25T13:40:31.271003Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-25T13:40:25.261Z"}}], "cna": {"title": "ingress-nginx admission controller RCE escalation", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Nir Ohfeld"}, {"lang": "en", "type": "finder", "value": "Ronen Shustin"}, {"lang": "en", "type": "finder", "value": "Sagi Tzadik"}, {"lang": "en", "type": "finder", "value": "Hillai Ben Sasson"}], "impacts": [{"capecId": "CAPEC-251", "descriptions": [{"lang": "en", "value": "CAPEC-251 Local Code Inclusion"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/kubernetes/ingress-nginx", "vendor": "kubernetes", "modules": ["Validating Admission Controller"], "product": "ingress-nginx", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.11.4"}, {"status": "affected", "version": "1.12.0"}], "defaultStatus": "unaffected"}], "datePublic": "2025-03-24T19:36:00.000Z", "references": [{"url": "https://https://github.com/kubernetes/kubernetes/issues/131009"}], "workarounds": [{"lang": "en", "value": "Before applying the patch, this issue can be mitigated by disabling the Validating Admission Controller functionality of ingress-nginx.", "supportingMedia": [{"type": "text/html", "value": "Before applying the patch, this issue can be mitigated by disabling the Validating Admission Controller functionality of ingress-nginx.", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)", "supportingMedia": [{"type": "text/html", "value": "A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-653", "description": "CWE-653 Improper Isolation or Compartmentalization"}]}], "providerMetadata": {"orgId": "a6081bf6-c852-4425-ad4f-a67919267565", "shortName": "kubernetes", "dateUpdated": "2025-03-24T23:28:48.985Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1974", "state": "PUBLISHED", "dateUpdated": "2025-03-27T03:55:19.309Z", "dateReserved": "2025-03-04T21:34:07.543Z", "assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565", "datePublished": "2025-03-24T23:28:48.985Z", "assignerShortName": "kubernetes"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)"}], "id": "CVE-2025-1974", "lastModified": "2025-03-25T00:15:14.753", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "jordan@liggitt.net", "type": "Secondary"}]}, "published": "2025-03-25T00:15:14.753", "references": [{"source": "jordan@liggitt.net", "url": "https://https://github.com/kubernetes/kubernetes/issues/131009"}], "sourceIdentifier": "jordan@liggitt.net", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-653"}], "source": "jordan@liggitt.net", "type": "Secondary"}]}

{"bugzilla": {"description": "ingress-nginx: ingress-nginx admission controller RCE escalation", "id": "2354661", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2354661"}, "csaw": false, "cwe": "CWE-653", "details": ["A flaw was found in Kubernetes where, under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This issue can lead to the disclosure of Secrets accessible to the controller. Note that the controller can access all Secrets cluster-wide in the default installation."], "name": "CVE-2025-1974", "public_date": "2025-03-24T23:28:48Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-1974\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-1974"], "statement": "Red Hat Product Security has determined that this vulnerability does not affect any currently supported Red Hat product. This assessment may evolve based on further analysis and discovery. For more information about this vulnerability and the products it affects, please see the linked references."}