CVE-2025-1974: ingress-nginx admission controller RCE escalation

9.8 CVSS

Description

A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)

Classification

CVE ID: CVE-2025-1974

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.8

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem Types

CWE-653 Improper Isolation or Compartmentalization

Affected Products

Vendor: kubernetes

Product: ingress-nginx

Nuclei Template

http/cves/2025/CVE-2025-1974.yaml

Exploit Prediction Scoring System (EPSS)

EPSS Score: 75.83% (probability of being exploited)

EPSS Percentile: 98.82% (scored less or equal to compared to others)

EPSS Date: 2025-04-18 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-1974
https://https://github.com/kubernetes/kubernetes/issues/131009

Timeline

2025-03-25 00:40:18 UTC
CVE

ingress-nginx admission controller RCE escalation
2025-03-25 16:15:33 UTC
Github Advisory Database (Go)

[k8s.io/ingress-nginx] ingress-nginx admission controller RCE escalation