CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-1098: ingress-nginx controller - configuration injection via unsanitized mirror annotations

8.8 CVSS

Description

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)

Classification

CVE ID: CVE-2025-1098

CVSS Base Severity: HIGH

CVSS Base Score: 8.8

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem Types

CWE-20 Improper Input Validation

Affected Products

Vendor: kubernetes

Product: ingress-nginx

Nuclei Template

http/cves/2025/CVE-2025-1098.yaml

Exploit Prediction Scoring System (EPSS)

EPSS Score: 26.45% (probability of being exploited)

EPSS Percentile: 95.97% (scored less or equal to compared to others)

EPSS Date: 2025-04-22 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-1098
https://github.com/kubernetes/kubernetes/issues/131008

Timeline

2025-03-25 00:40:18 UTC
CVE

ingress-nginx controller - configuration injection via unsanitized mirror annotations
2025-03-25 16:15:36 UTC
Github Advisory Database (Go)

[k8s.io/ingress-nginx] ingress-nginx controller - configuration injection via unsanitized mirror annotations