If you're running ingress-nginx in your Kubernetes cluster please take a look at this latest CVE details, it's a big one! Patches are out so please get updating as soon as you can!

https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974/

#Kubernetes #Nginx #Ingress #CloudNative

Kubernetesでingress-nginx使ってる各位は確認しておいた方が良いかもです

Ingress-nginx CVE-2025-1974: What You Need to Know | Kubernetes : 👀
---
https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974/

Jacob Sandum posted a detailed and well-written PoC for the IngressNightmare (CVE-2025-1974 ) vulnerability found in the Kubernetes ingress-nginx Admission Controller by Wiz (Woogle!). If you are looking for a quick way to reproduce the issue or validate detection and mitigation, take a look:
https://github.com/sandumjacob/IngressNightmare-POCs/blob/main/CVE-2025-1974/README.md

‼️ Wiz and Kubernetes released patches and an advisory for CVE-2025-1974 and friends, dubbed IngressNightmare. If you're shuttling web requests from the internet to your K8s cluster, you'll want to ensure you're on top of these. More here: https://www.runzero.com/blog/ingress-nightmare/

cc: @todb @rk

Ingress-nginx CVE-2025-1974: What You Need to Know - https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974/ #Kubernetes

"CVE-2025-1974 means that anything on the Pod network has a good chance of taking over your Kubernetes cluster, with no credentials or administrative access required."

ingress-nginx is deployed in 40% of k8s clusters.

https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974/

Ingress-nginx CVE-2025-1974: What You Need to Know - https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974/ via @K8sContributors #infosec #kubernetes

Patch 'em if you got 'em #kubernetes #ingress #nginx

https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974/

Here is a start on a cloud console shell script for a simple rolling upgrade of ingress-nginx.
Use at your own risk, no warranty implied.

But it might save you some time as a starting point to mitigating CVE-2025-1974

...which you should go do RIGHT NOW!

https://github.com/secwest/k8s-ingress-nginx-rollingupgrade

Well this is going to be a stinker. If you’re using nginx ingress a) you can’t trust other pods right now and b) just grow up and use a proper ingress like Traefik

https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974/

https://sysdig.com/blog/detecting-and-mitigating-ingressnightmare-cve-2025-1974/

I'm a bit unhappy with the coverage for CVE-2025-1974. While it might be true that ">40%" of all #Kubernetes clusters run ingress-nginx, only a small fraction will actually at risk of being exploited. If you run an overlay network (non-IPv6) and don't let non-cluster-admins create Ingress resources, the risk is drastically reduced. Remains the risk of attacks by workloads directly talking to the webhook endpoint.

It's an exciting finding, but still… keep calm and patch.

⚠️ Alerte sécurité sur Kubernetes : #IngressNightmare

Le 24 mars 2025, l’équipe de recherche de Wiz et les mainteneurs de Kubernetes ont dévoilé 5 vulnérabilités majeures affectant le très populaire Ingress-NGINX Controller (présent sur +40% des clusters).

Ces failles, dont la plus grave est CVE-2025-1974 (CVSS 9.8), permettent à un attaquant sans identifiants d’exécuter du code à distance (Remote Code Execution) et de prendre le contrôle complet du cluster Kubernetes, en accédant à tous les secrets (mots de passe, clés d’API, etc.).

Ce qui est en cause :
Le composant vulnérable est le Validating Admission Controller d’Ingress-NGINX. Il valide les objets "Ingress" mais est, par défaut, accessible sans authentification depuis le réseau interne du cluster – parfois même exposé publiquement.

Les chercheurs ont réussi à injecter des configurations NGINX malveillantes, puis à exécuter du code en important des bibliothèques à partir de fichiers temporaires via NGINX. Une véritable porte d’entrée invisible.

✅ Ce que vous devez faire rapidement:
Vérifiez si vous utilisez ingress-nginx :

kubectl get pods --all-namespaces --selector app.kubernetes.io/name=ingress-nginx

Mettez à jour vers une version corrigée :

v1.12.1 ou v1.11.5

Si vous ne pouvez pas mettre à jour tout de suite :

Désactivez temporairement le webhook d’admission (voir instructions officielles).

[Sources officielles]
⬇️
Blog de recherche Wiz :
"IngressNightmare: 9.8 Critical Unauthenticated Remote Code Execution Vulnerabilities in Ingress NGINX"
👇
https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities

📢 Annonce de Kubernetes (Security Response Committee) :
"Ingress-nginx CVE-2025-1974: What You Need to Know"
👇
https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974/

#CyberVeille #Kubernetes #DevSecOps #CVE_2025_1974 #RCE

Critical Kubernetes alert: CVE-2025-1974 in ingress-nginx allows remote code execution (CVSS 9.8). Patch now to v1.12.1, v1.11.5, or v1.10.7. Affects 40% of clusters - disable admission controller if you can't update immediately. #CVE-2025-1974 https://redteamnews.com/exploit/cve/critical-kubernetes-ingress-nginx-vulnerability-cve-2025-1974-exposes-clusters-to-remote-code-execution/

Critical Kubernetes alert: CVE-2025-1974 in ingress-nginx allows remote code execution (CVSS 9.8). Patch now to v1.12.1, v1.11.5, or v1.10.7. Disable admission controller if you can't update immediately. #CVE-2025-1974 Details: https://redteamnews.com/exploit/cve/critical-kubernetes-ingress-nginx-vulnerability-cve-2025-1974-exposes-clusters-to-remote-code-execution/

Critical alert for Kubernetes users: CVE-2025-1974 in ingress-nginx (CVSS 9.8) allows remote code execution and cluster takeover. Patch now to v1.12.1/v1.11.5 or disable admission controller. Check your clusters! #CVE-2025-1974 https://redteamnews.com/exploit/cve/critical-kubernetes-ingress-nginx-vulnerability-cve-2025-1974-exposes-clusters-to-remote-code-execution/

Wow, things are getting wild in the Kubernetes world! The name alone – "IngressNightmare" – gives me chills! 🤯 It's crucial to know this affects the Ingress NGINX Controller, *not* the NGINX Ingress Controller. That's a big difference!

Wiz really uncovered something huge. We're talking over 6,500 vulnerable clusters, with the potential for some serious Remote Code Execution (RCE). Ouch! They found that a scary 43% of cloud environments are impacted.

It appears, that these kinds of vulnerabilities often slip past standard scans. You really need manual penetration testing to catch them. And as a pentester myself, I can tell you, it's frequently like digging for buried treasure! 😅

Here are the CVEs to watch out for: CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, CVE-2025-1974. These have a CVSS score of 9.8! So, you'll want to update to 1.12.1, 1.11.5, or 1.10.7 *immediately*. Another crucial step? See if your Admission Webhook Endpoint is exposed. Make sure you're limiting access. Don't need it? Then, turn it off!

So, what are your experiences with K8s security? I'm curious, what tools do you swear by? 🤔

#kubernetes #security #pentesting #devsecops #cloudsecurity

We will be performing an emergency upgrade of our cluster infrastructure to patch a series of critical security vulnerabilities (CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514) on our NGINX containers. As a result there may be a brief/intermittent disruption to Mastodon availability over the next hour. We apologize for the inconvenience, and hope you can quickly return to enjoying all the Nicole memes. Please see https://status.vmst.io for more information. #vmstio

A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller.

CVE-2025-1974 but also CVE-2025-1097 CVE-2025-1098 CVE-2025-24513 CVE-2025-24514

🔗 For more details about Ingress NGINX Controller for Kubernetes release https://vulnerability.circl.lu/bundle/84edafcd-42a7-4c30-96f8-87de8e73e1ab

#kubernetes #vulnerability #cybersecurity #cve

Security researchers reveal critical vulnerabilities in Ingress #Nginx Controller for Kubernetes

The vulnerabilities are tracked as CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, and CVE-2025-1974, and when exploited, allows an attacker to take over a Kubernetes cluster

Administrators are advised to patch ASAP

#cybersecurity #vulnerabilitymanagement

https://thehackernews.com/2025/03/critical-ingress-nginx-controller.html

Fiksene for CVE-ene involvert i #ingressnightmare er jo også litt interessante:

* CVE-2025-1097 mer quoting:
https://github.com/kubernetes/ingress-nginx/pull/13068/commits/06c992abd8eef9710359a236c443c613d29fdfad

* CVE-2025-1098 mer & flyttet quoting:
https://github.com/kubernetes/ingress-nginx/pull/13068/commits/2e9f37380afb7853fa6daa1c3e6659550aadfd90

* CVE-2025-1974 diverse utkommentert kode, tydeligvis tester?:
https://github.com/kubernetes/ingress-nginx/pull/13068/commits/0ccf4caaadec919680c455d221e53d97970d527d

* CVE-2025-24513 bruke en ordentlig filepath-type:
https://github.com/kubernetes/ingress-nginx/pull/13068/commits/cbc159094f6d1b1bf8cf1761eb119138d1f95df1

* CVE-2025-24514 mer sitering:
https://github.com/kubernetes/ingress-nginx/pull/13068/commits/ab470eb920924d62a197ebddd8a4cc3031a77ddf

Hey folks, ready for your daily dose of cyber intel? ☕️

Tuesday's update is out and it's packed with need-to-know updates:

🚨 Critical Next.js Flaw: Authorization bypass vulnerability (CVE-2025-29927) impacting versions before 15.2.3. Upgrade ASAP or block those 'x-middleware-subrequest' headers!

🐜 Weaver Ant's Long Game: Chinese hackers spied on a telco network for four years using compromised Zyxel routers and custom web shells. Talk about persistence!

🐍 VanHelsing RaaS Emerges: A new ransomware player targeting Windows, ARM, ESXi systems. Keep an eye on this one!

☁️ Oracle Cloud Breach Claims: Did they or didn't they? Oracle denies a breach, but a threat actor is claiming otherwise.

🚂 Ukrainian Railway Hit: Cyberattack disrupts online ticket sales amidst crucial transport operations. Resilience is key.

🔄 DrayTek Router Chaos: ISPs are scrambling as DrayTek routers enter reboot loops. Potential vulnerability or buggy update at play.

🤖 AI-Enhanced Cybercrime: Europol warns that organized crime is leveling up with AI, partnering with state-aligned entities.

🛰️ Starlink Intercepted: Thai authorities seize Starlink transmitters headed for Myanmar scam centers. Criminals are finding ways around cut-offs.

🚓 Cybercrime Crackdown: 300+ suspects arrested in Africa for cyber scams. A win for international law enforcement!

🧬 23andMe's Bankruptcy Woes: Privacy advocates raise concerns about DNA data as 23andMe files for bankruptcy. What happens to all that genetic info?

🔒 Pennsylvania County Ransomware: Sensitive data stolen during a ransomware attack. Another reminder to shore up those defenses.

👁️‍🗨️ China Bans Facial Recognition: Consent is now required for facial recognition in China. But are there exceptions for government and AI training?

👉 Dive into the full details here: https://opalsec.io/daily-news-update-tuesday-march-25-2025-australia-melbourne/

Stay vigilant, stay informed, and let's keep the digital world a little safer, one update at a time. 🛡️

#Cyber #CyberSec #Cybersecurity #InfoSec #ThreatIntelligence #ThreatIntel #Ransomware #NextJS #China #AI #Cybercrime #DataBreach #Privacy #Starlink #Europol #Vulnerability #WeaverAnt #VanHelsing #OracleCloud #Ukraine #DrayTek #23andMe #CyberAttack #infosecurity #Privacy #DataPrivacy #AI #InfoSecNews #News

I probably sound like a broken record at this point, but we're not sold yet on the world-ending nature of Next.js CVE-2025-29927.

The fact that the bug isn't known to have been successfully exploited in the wild despite the huge amount of media and industry attention it’s received sure feels like a reasonable early indicator that it's unlikely to be broadly exploitable (classic framework vuln), and may not have any easily identifiable remote attack vectors at all.

https://www.rapid7.com/blog/post/2025/03/25/etr-notable-vulnerabilities-in-next-js-cve-2025-29927/

#NextJS: Critical #vulnerability in NextJS (CVE-2025-29927) impacts all NextJS versions before 15.2.3, 14.2.25, 13.5.9, 12.3.5 allowing attackers to bypass authorisation checks.

Great explanation and a Proof-of-Concept demonstration by @_JohnHammond
👇
https://www.youtube.com/watch?v=dL1a0KcAW3Y

#CVE block #Next.js CVE-2025-29927 exploits with #HAProxy
https://www.haproxy.com/blog/protecting-against-nextjs-middleware-vulnerability-cve-2025-29927-with-haproxy

📣Critical Vercel Next.js Middleware Authentication CVE-2025-29927 (CVSS 9.1/10) Vercel Next.js Middleware Authentication Bypass Vulnerability
🤢Impact: A successful exploit allows an attacker to bypass authorization checks within a Next.js application.
🛡️Fixed: v14.2.25 v15.2.3

🚨 Critical Next.js Vulnerability (CVE-2025-29927) Exposes Middleware to Attack! 🚨

A newly discovered security flaw in Next.js !

📖 Read the full breakdown here: https://wardenshield.com/cve-2025-29927-cracks-nextjs-wide-open-middleware-meltdown

#CyberSecurity #Nextjs #CVE2025 #MiddlewareMeltdown #Infosec #WardenShield

Everyone’s talking about the Next.js vulnerability alert - and rightfully so. 👉 Here's why you need to detect and fix CVE-2025-29927 - now!

CVE-2025-29927 allows attackers to bypass crucial authorization checks via a simple header manipulation. This flaw affects a wide range of Next.js versions, potentially exposing sensitive data and critical admin functionalities.

Here's what you need to know:

👉 Impact: Attackers can gain unauthorized access to protected routes, leading to data breaches and privilege escalation.
👉 Vulnerable versions: Next.js 11.1.4 through 15.2.2.
👉 Detection: our Network Vulnerability Scanner now detects CVE-2025-29927, so a CVE-focused scan lets you identify vulnerable instances in your infrastructure - fast.

🔥 Don't wait for the exploit: act now

✅ Run a network scan

✅ Read the detailed write-up that explains how this vulnerability works, its impact, and detailed remediation steps ➡️ https://pentest-tools.com/blog/CVE-2025-29927-next-js-bypass

Oh, look, another critical #AppSec #CVE — this time it's Next.js opening the door for any adversary that says "pretty please" via a request header. Fortunately, even though it'll be an effort to upgrade for the fix, mitigation will be simple in most cases. https://checkmarx.com/zero-post/critical-cve-2025-29927-research-nextjs-middleware-authorization-bypass/

A new twist on #ESXicape - you need local admin rights to escape the VM to the hypervisor, right?

Slight issue - VMware Tools, installed inside VMs, allows local user to local admin privilege escalation on every VM due to vuln CVE-2025-22230

“A malicious actor with non-administrative privileges on a Windows guest VM may gain ability to perform certain high-privilege operations within that VM.”

Discovered by Positive Technologies, who US claim hack for Moscow.

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25518

Auth bypass vuln in VMWare Tools for Windows. Nice.

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25518

sev:HIGH 7.8 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control. A malicious actor with non-administrative privileges on a guest VM may gain ability to perform certain high privilege operations within that VM.

https://nvd.nist.gov/vuln/detail/CVE-2025-22230

#Broadcom warns of authentication bypass in #VMware Windows Tools

"The vulnerability (CVE-2025-22230) is caused by an improper access control weakness and was reported by Sergey Bliznyuk of Positive Technologies (a sanctioned Russian cybersecurity company accused of trafficking hacking tools)."

https://www.bleepingcomputer.com/news/security/broadcom-warns-of-authentication-bypass-in-vmware-windows-tools/

Critical Kubernetes alert: CVE-2025-1097 in Ingress-Nginx allows RCE and secret theft (CVSS 8.8). Over 6,500 clusters exposed. Patch now (1.12.1/1.11.5) and restrict admission controller access. Details: https://redteamnews.com/exploit/cve/critical-kubernetes-ingress-nginx-vulnerability-exposes-clusters-to-rce-and-secret-theft-cve-2025-1097/ #CVE-2025-1097 #Kubernetes

Critical Kubernetes alert: CVE-2025-1097 in Ingress-Nginx allows RCE and secret theft (CVSS 8.8). Over 6,500 clusters exposed. Patch now (1.12.1/1.11.5) and restrict admission controller access. Details: https://redteamnews.com/exploit/cve/critical-kubernetes-ingress-nginx-vulnerability-exposes-clusters-to-rce-and-secret-theft-cve-2025-1097/ #CVE-2025-1097 #Kubernetes

Critical Kubernetes alert: CVE-2025-1097 in Ingress-Nginx allows RCE and secret theft (CVSS 8.8). Over 6,500 clusters exposed. Patch now (1.12.1/1.11.5) and restrict admission controller access. Details: https://redteamnews.com/exploit/cve/critical-kubernetes-ingress-nginx-vulnerability-exposes-clusters-to-rce-and-secret-theft-cve-2025-1097/ #CVE-2025-1097

oh, this ingress/nginx proxy vuln family: CVE-2025-1097, CVE-2025-1098, CVE-2025-24514

maybe we need to rewrite that component in rust? oh, wait.

Wow, things are getting wild in the Kubernetes world! The name alone – "IngressNightmare" – gives me chills! 🤯 It's crucial to know this affects the Ingress NGINX Controller, *not* the NGINX Ingress Controller. That's a big difference!

Wiz really uncovered something huge. We're talking over 6,500 vulnerable clusters, with the potential for some serious Remote Code Execution (RCE). Ouch! They found that a scary 43% of cloud environments are impacted.

It appears, that these kinds of vulnerabilities often slip past standard scans. You really need manual penetration testing to catch them. And as a pentester myself, I can tell you, it's frequently like digging for buried treasure! 😅

Here are the CVEs to watch out for: CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, CVE-2025-1974. These have a CVSS score of 9.8! So, you'll want to update to 1.12.1, 1.11.5, or 1.10.7 *immediately*. Another crucial step? See if your Admission Webhook Endpoint is exposed. Make sure you're limiting access. Don't need it? Then, turn it off!

So, what are your experiences with K8s security? I'm curious, what tools do you swear by? 🤔

#kubernetes #security #pentesting #devsecops #cloudsecurity

We will be performing an emergency upgrade of our cluster infrastructure to patch a series of critical security vulnerabilities (CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514) on our NGINX containers. As a result there may be a brief/intermittent disruption to Mastodon availability over the next hour. We apologize for the inconvenience, and hope you can quickly return to enjoying all the Nicole memes. Please see https://status.vmst.io for more information. #vmstio

A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller.

CVE-2025-1974 but also CVE-2025-1097 CVE-2025-1098 CVE-2025-24513 CVE-2025-24514

🔗 For more details about Ingress NGINX Controller for Kubernetes release https://vulnerability.circl.lu/bundle/84edafcd-42a7-4c30-96f8-87de8e73e1ab

#kubernetes #vulnerability #cybersecurity #cve

Security researchers reveal critical vulnerabilities in Ingress #Nginx Controller for Kubernetes

The vulnerabilities are tracked as CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, and CVE-2025-1974, and when exploited, allows an attacker to take over a Kubernetes cluster

Administrators are advised to patch ASAP

#cybersecurity #vulnerabilitymanagement

https://thehackernews.com/2025/03/critical-ingress-nginx-controller.html

Fiksene for CVE-ene involvert i #ingressnightmare er jo også litt interessante:

* CVE-2025-1097 mer quoting:
https://github.com/kubernetes/ingress-nginx/pull/13068/commits/06c992abd8eef9710359a236c443c613d29fdfad

* CVE-2025-1098 mer & flyttet quoting:
https://github.com/kubernetes/ingress-nginx/pull/13068/commits/2e9f37380afb7853fa6daa1c3e6659550aadfd90

* CVE-2025-1974 diverse utkommentert kode, tydeligvis tester?:
https://github.com/kubernetes/ingress-nginx/pull/13068/commits/0ccf4caaadec919680c455d221e53d97970d527d

* CVE-2025-24513 bruke en ordentlig filepath-type:
https://github.com/kubernetes/ingress-nginx/pull/13068/commits/cbc159094f6d1b1bf8cf1761eb119138d1f95df1

* CVE-2025-24514 mer sitering:
https://github.com/kubernetes/ingress-nginx/pull/13068/commits/ab470eb920924d62a197ebddd8a4cc3031a77ddf

Critical Kubernetes vulnerability CVE-2025-1098 allows RCE and secret theft via Ingress-Nginx controller. Patch now (v1.12.1/v1.11.5) and restrict admission controller access. Thousands of clusters may be exposed. Details: https://redteamnews.com/exploit/cve/critical-kubernetes-ingress-nginx-vulnerability-cve-2025-1098-exposes-clusters-to-rce-and-secret-theft/ #CVE-2025-1098

Critical Kubernetes vulnerability CVE-2025-1098 allows RCE and secret theft via Ingress-Nginx controller. Patch now (v1.12.1/v1.11.5) and restrict admission controller access. Thousands of clusters may be exposed. Details: https://redteamnews.com/exploit/cve/critical-kubernetes-ingress-nginx-vulnerability-cve-2025-1098-exposes-clusters-to-rce-and-secret-theft/ #CVE-2025-1098

Critical Kubernetes vulnerability CVE-2025-1098 allows RCE and secret theft via Ingress-Nginx. Patch now (v1.12.1/1.11.5) and restrict admission controller access. Thousands of clusters at risk. Details: https://redteamnews.com/exploit/cve/critical-kubernetes-ingress-nginx-vulnerability-cve-2025-1098-exposes-clusters-to-rce-and-secret-theft/ #CVE-2025-1098 #Kubernetes

oh, this ingress/nginx proxy vuln family: CVE-2025-1097, CVE-2025-1098, CVE-2025-24514

maybe we need to rewrite that component in rust? oh, wait.

Wow, things are getting wild in the Kubernetes world! The name alone – "IngressNightmare" – gives me chills! 🤯 It's crucial to know this affects the Ingress NGINX Controller, *not* the NGINX Ingress Controller. That's a big difference!

Wiz really uncovered something huge. We're talking over 6,500 vulnerable clusters, with the potential for some serious Remote Code Execution (RCE). Ouch! They found that a scary 43% of cloud environments are impacted.

It appears, that these kinds of vulnerabilities often slip past standard scans. You really need manual penetration testing to catch them. And as a pentester myself, I can tell you, it's frequently like digging for buried treasure! 😅

Here are the CVEs to watch out for: CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, CVE-2025-1974. These have a CVSS score of 9.8! So, you'll want to update to 1.12.1, 1.11.5, or 1.10.7 *immediately*. Another crucial step? See if your Admission Webhook Endpoint is exposed. Make sure you're limiting access. Don't need it? Then, turn it off!

So, what are your experiences with K8s security? I'm curious, what tools do you swear by? 🤔

#kubernetes #security #pentesting #devsecops #cloudsecurity

We will be performing an emergency upgrade of our cluster infrastructure to patch a series of critical security vulnerabilities (CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514) on our NGINX containers. As a result there may be a brief/intermittent disruption to Mastodon availability over the next hour. We apologize for the inconvenience, and hope you can quickly return to enjoying all the Nicole memes. Please see https://status.vmst.io for more information. #vmstio

A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller.

CVE-2025-1974 but also CVE-2025-1097 CVE-2025-1098 CVE-2025-24513 CVE-2025-24514

🔗 For more details about Ingress NGINX Controller for Kubernetes release https://vulnerability.circl.lu/bundle/84edafcd-42a7-4c30-96f8-87de8e73e1ab

#kubernetes #vulnerability #cybersecurity #cve

Security researchers reveal critical vulnerabilities in Ingress #Nginx Controller for Kubernetes

The vulnerabilities are tracked as CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, and CVE-2025-1974, and when exploited, allows an attacker to take over a Kubernetes cluster

Administrators are advised to patch ASAP

#cybersecurity #vulnerabilitymanagement

https://thehackernews.com/2025/03/critical-ingress-nginx-controller.html

Fiksene for CVE-ene involvert i #ingressnightmare er jo også litt interessante:

* CVE-2025-1097 mer quoting:
https://github.com/kubernetes/ingress-nginx/pull/13068/commits/06c992abd8eef9710359a236c443c613d29fdfad

* CVE-2025-1098 mer & flyttet quoting:
https://github.com/kubernetes/ingress-nginx/pull/13068/commits/2e9f37380afb7853fa6daa1c3e6659550aadfd90

* CVE-2025-1974 diverse utkommentert kode, tydeligvis tester?:
https://github.com/kubernetes/ingress-nginx/pull/13068/commits/0ccf4caaadec919680c455d221e53d97970d527d

* CVE-2025-24513 bruke en ordentlig filepath-type:
https://github.com/kubernetes/ingress-nginx/pull/13068/commits/cbc159094f6d1b1bf8cf1761eb119138d1f95df1

* CVE-2025-24514 mer sitering:
https://github.com/kubernetes/ingress-nginx/pull/13068/commits/ab470eb920924d62a197ebddd8a4cc3031a77ddf

Critical Kubernetes alert: CVE-2025-24514 in ingress-nginx allows RCE and secret theft via annotation injection (CVSS 8.8). Over 6,500 clusters may be exposed. Patch now or disable admission webhooks. Details: https://redteamnews.com/exploit/cve/critical-kubernetes-ingress-nginx-vulnerability-cve-2025-24514-exposes-clusters-to-rce-secret-theft/ #CVE-2025-24514 #Kubernetes

Critical Kubernetes alert: CVE-2025-24514 in ingress-nginx allows RCE & secret theft via annotation injection (CVSS 8.8). Patch now or disable admission webhooks. Over 6,500 clusters may be exposed. Details: https://redteamnews.com/exploit/cve/critical-kubernetes-ingress-nginx-vulnerability-cve-2025-24514-exposes-clusters-to-rce-secret-theft/ #CVE-2025-24514 #Kubernetes

Critical Kubernetes vulnerability (CVE-2025-24514) in ingress-nginx allows RCE and secret theft via annotation injection. Patch now (v1.11.5/1.12.1) and restrict webhook access. Over 6,500 clusters may be exposed. Details: https://redteamnews.com/exploit/cve/critical-kubernetes-ingress-nginx-vulnerability-cve-2025-24514-exposes-clusters-to-rce-secret-theft/ #CVE-2025-24514 #Kubernetes

oh, this ingress/nginx proxy vuln family: CVE-2025-1097, CVE-2025-1098, CVE-2025-24514

maybe we need to rewrite that component in rust? oh, wait.

Wow, things are getting wild in the Kubernetes world! The name alone – "IngressNightmare" – gives me chills! 🤯 It's crucial to know this affects the Ingress NGINX Controller, *not* the NGINX Ingress Controller. That's a big difference!

Wiz really uncovered something huge. We're talking over 6,500 vulnerable clusters, with the potential for some serious Remote Code Execution (RCE). Ouch! They found that a scary 43% of cloud environments are impacted.

It appears, that these kinds of vulnerabilities often slip past standard scans. You really need manual penetration testing to catch them. And as a pentester myself, I can tell you, it's frequently like digging for buried treasure! 😅

Here are the CVEs to watch out for: CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, CVE-2025-1974. These have a CVSS score of 9.8! So, you'll want to update to 1.12.1, 1.11.5, or 1.10.7 *immediately*. Another crucial step? See if your Admission Webhook Endpoint is exposed. Make sure you're limiting access. Don't need it? Then, turn it off!

So, what are your experiences with K8s security? I'm curious, what tools do you swear by? 🤔

#kubernetes #security #pentesting #devsecops #cloudsecurity

We will be performing an emergency upgrade of our cluster infrastructure to patch a series of critical security vulnerabilities (CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514) on our NGINX containers. As a result there may be a brief/intermittent disruption to Mastodon availability over the next hour. We apologize for the inconvenience, and hope you can quickly return to enjoying all the Nicole memes. Please see https://status.vmst.io for more information. #vmstio

A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller.

CVE-2025-1974 but also CVE-2025-1097 CVE-2025-1098 CVE-2025-24513 CVE-2025-24514

🔗 For more details about Ingress NGINX Controller for Kubernetes release https://vulnerability.circl.lu/bundle/84edafcd-42a7-4c30-96f8-87de8e73e1ab

#kubernetes #vulnerability #cybersecurity #cve

Security researchers reveal critical vulnerabilities in Ingress #Nginx Controller for Kubernetes

The vulnerabilities are tracked as CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, and CVE-2025-1974, and when exploited, allows an attacker to take over a Kubernetes cluster

Administrators are advised to patch ASAP

#cybersecurity #vulnerabilitymanagement

https://thehackernews.com/2025/03/critical-ingress-nginx-controller.html

Fiksene for CVE-ene involvert i #ingressnightmare er jo også litt interessante:

* CVE-2025-1097 mer quoting:
https://github.com/kubernetes/ingress-nginx/pull/13068/commits/06c992abd8eef9710359a236c443c613d29fdfad

* CVE-2025-1098 mer & flyttet quoting:
https://github.com/kubernetes/ingress-nginx/pull/13068/commits/2e9f37380afb7853fa6daa1c3e6659550aadfd90

* CVE-2025-1974 diverse utkommentert kode, tydeligvis tester?:
https://github.com/kubernetes/ingress-nginx/pull/13068/commits/0ccf4caaadec919680c455d221e53d97970d527d

* CVE-2025-24513 bruke en ordentlig filepath-type:
https://github.com/kubernetes/ingress-nginx/pull/13068/commits/cbc159094f6d1b1bf8cf1761eb119138d1f95df1

* CVE-2025-24514 mer sitering:
https://github.com/kubernetes/ingress-nginx/pull/13068/commits/ab470eb920924d62a197ebddd8a4cc3031a77ddf

https://www.walknews.com/839397/ Google Chromeの重大な脆弱性が修正、早急なアップデートを(CVE-2025-2476)|セキュリティニュース #Science #Science&Technology #Technology #テクノロジー #科学 #科学＆テクノロジー

https://www.wacoca.com/news/2481285/ Google Chromeの重大な脆弱性が修正、早急なアップデートを(CVE-2025-2476)|セキュリティニュース #Science&Technology #ScienceNews #TechnologyNews #テクノロジー #科学 #科学＆テクノロジー

Uh, is it normal for an automated #security scanner to be unaware of #debian patched packages?

Like how OpenSSH 9.2p1 is vulnerable to CVE-2023-38408 but the Debian version 1:9.2p1-2+deb12u5 is patched. But the security scanner sees the "9.2p1" string and sounds the alarm.

https://security-tracker.debian.org/tracker/CVE-2023-38408

Is this a common problem for people running Debian servers?

Moar hacking in space!

https://github.com/nasa/CryptoLib/security/advisories/GHSA-v3jc-5j74-hcjv

sec:CRIT 9.4 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In versions 1.3.3 and prior, a Heap Overflow vulnerability occurs in the Crypto_TM_ProcessSecurity function (crypto_tm.c:1735:8). When processing the Secondary Header Length of a TM protocol packet, if the Secondary Header Length exceeds the packet's total length, a heap overflow is triggered during the memcpy operation that copies packet data into the dynamically allocated buffer p_new_dec_frame. This allows an attacker to overwrite adjacent heap memory, potentially leading to arbitrary code execution or system instability. A patch is available at commit 810fd66d592c883125272fef123c3240db2f170f.

https://nvd.nist.gov/vuln/detail/CVE-2025-30216

Wow, things are getting wild in the Kubernetes world! The name alone – "IngressNightmare" – gives me chills! 🤯 It's crucial to know this affects the Ingress NGINX Controller, *not* the NGINX Ingress Controller. That's a big difference!

Wiz really uncovered something huge. We're talking over 6,500 vulnerable clusters, with the potential for some serious Remote Code Execution (RCE). Ouch! They found that a scary 43% of cloud environments are impacted.

It appears, that these kinds of vulnerabilities often slip past standard scans. You really need manual penetration testing to catch them. And as a pentester myself, I can tell you, it's frequently like digging for buried treasure! 😅

Here are the CVEs to watch out for: CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, CVE-2025-1974. These have a CVSS score of 9.8! So, you'll want to update to 1.12.1, 1.11.5, or 1.10.7 *immediately*. Another crucial step? See if your Admission Webhook Endpoint is exposed. Make sure you're limiting access. Don't need it? Then, turn it off!

So, what are your experiences with K8s security? I'm curious, what tools do you swear by? 🤔

#kubernetes #security #pentesting #devsecops #cloudsecurity

We will be performing an emergency upgrade of our cluster infrastructure to patch a series of critical security vulnerabilities (CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514) on our NGINX containers. As a result there may be a brief/intermittent disruption to Mastodon availability over the next hour. We apologize for the inconvenience, and hope you can quickly return to enjoying all the Nicole memes. Please see https://status.vmst.io for more information. #vmstio

A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller.

CVE-2025-1974 but also CVE-2025-1097 CVE-2025-1098 CVE-2025-24513 CVE-2025-24514

🔗 For more details about Ingress NGINX Controller for Kubernetes release https://vulnerability.circl.lu/bundle/84edafcd-42a7-4c30-96f8-87de8e73e1ab

#kubernetes #vulnerability #cybersecurity #cve

Security researchers reveal critical vulnerabilities in Ingress #Nginx Controller for Kubernetes

The vulnerabilities are tracked as CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, and CVE-2025-1974, and when exploited, allows an attacker to take over a Kubernetes cluster

Administrators are advised to patch ASAP

#cybersecurity #vulnerabilitymanagement

https://thehackernews.com/2025/03/critical-ingress-nginx-controller.html

Fiksene for CVE-ene involvert i #ingressnightmare er jo også litt interessante:

* CVE-2025-1097 mer quoting:
https://github.com/kubernetes/ingress-nginx/pull/13068/commits/06c992abd8eef9710359a236c443c613d29fdfad

* CVE-2025-1098 mer & flyttet quoting:
https://github.com/kubernetes/ingress-nginx/pull/13068/commits/2e9f37380afb7853fa6daa1c3e6659550aadfd90

* CVE-2025-1974 diverse utkommentert kode, tydeligvis tester?:
https://github.com/kubernetes/ingress-nginx/pull/13068/commits/0ccf4caaadec919680c455d221e53d97970d527d

* CVE-2025-24513 bruke en ordentlig filepath-type:
https://github.com/kubernetes/ingress-nginx/pull/13068/commits/cbc159094f6d1b1bf8cf1761eb119138d1f95df1

* CVE-2025-24514 mer sitering:
https://github.com/kubernetes/ingress-nginx/pull/13068/commits/ab470eb920924d62a197ebddd8a4cc3031a77ddf