CVE-2025-1097: ingress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)

2025-03-25 00:40:18 UTC
CVE

ingress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation
2025-03-25 02:00:35 UTC
Tenable Blog

CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514: Frequently Asked Questions About IngressNightmare
2025-03-25 16:15:35 UTC
Github Advisory Database (Go)

[k8s.io/ingress-nginx] ngress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation
2025-03-27 20:15:34 UTC
DarkWebInformer

PoC Code to Exploit the IngressNightmare Vulnerabilities (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974)
2025-03-28 13:00:47 UTC
Tenable Blog

Cybersecurity Snapshot: NIST Details Attacks Against AI, Recommends Defenses, While ETSI Issues Quantum-Resistant Crypto Standard
2025-04-10 19:30:44 UTC
All CISA Advisories

Siemens Insights Hub Private Cloud

CVE-2025-1097: ingress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation

Description

Classification

Problem Types

Affected Products

Nuclei Template

Exploit Prediction Scoring System (EPSS)

References

Timeline