Critical Vulnerabilities Found in NGINX Controller for Kubernetes

Wed 26th Mar, 2025

Security researchers have identified multiple vulnerabilities within the NGINX Controller for Kubernetes, raising concerns about the potential compromise of Kubernetes clusters. These findings indicate that attackers could exploit these weaknesses to execute malicious code. Fortunately, updates are available to address these security flaws.

Cloud environments utilizing the NGINX Controller for Kubernetes are particularly at risk. Researchers from Wiz have alerted that thousands of instances, accessible via the internet, are linked to various large corporations. While no active attacks have been reported as of yet, the situation poses a significant threat.

The vulnerabilities, collectively termed "IngressNightmare," include four distinct issues: CVE-2025-1097 (high), CVE-2025-1098 (high), CVE-2025-24514 (high), and CVE-2025-1974 (critical). Attackers can potentially launch code execution attacks without requiring authentication, leading to unauthorized access to sensitive information stored within the Kubernetes clusters.

According to the researchers, successful exploitation could grant attackers access to all stored secrets across every namespace within a Kubernetes cluster, allowing them to compromise the entire system. The researchers discovered approximately 6,500 publicly accessible clusters that belong to numerous Fortune 500 companies.

To initiate an attack, an attacker must gain access to the Admission Controller of a vulnerable Kubernetes cluster. This access is often not adequately secured, and many Admission Controllers are left exposed without authentication. The Admission Controller is responsible for validating incoming ingress objects before they are deployed.

Once access is achieved, attackers can manipulate the configuration processing to load a module embedded with malicious code. The researchers provide additional details regarding these vulnerabilities and offer guidance for administrators on how to ascertain if their systems are at risk or have already been compromised.

For administrators who cannot promptly upgrade to the fixed NGINX Controller releases, 1.11.5 and 1.12.1, the researchers suggest interim measures to secure their instances. One such measure is temporarily disabling the Admission Controller component.
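The two checks an administrator needs here are whether the running controller image predates the fixed releases named above (1.11.5 and 1.12.1) and whether the admission webhook is still registered in the cluster. The script below is an added example, not code from the article, from Wiz, or from the ingress-nginx project. It assumes the controller pods carry the project's standard labels `app.kubernetes.io/name=ingress-nginx` and `app.kubernetes.io/component=controller` and that the ValidatingWebhookConfiguration name contains `ingress-nginx`; the sample tags at the bottom are constructed so the version logic can be exercised without a cluster.

```shell
#!/bin/sh
# Added example (not from the article or the ingress-nginx project): classify an
# ingress-nginx controller image tag against the fixed releases the article
# names, 1.11.5 and 1.12.1, and optionally report what a cluster is running.

# vuln_status TAG
# Prints "vulnerable" when TAG is older than the fix for its release line and
# "patched" otherwise; prints "unparseable" for tags such as "latest".
# Accepts forms like v1.12.0, 1.11.5 or v1.12.1@sha256:<digest>.
vuln_status() {
  tag="${1#v}"                   # drop the leading "v" used by release tags
  tag="${tag%%@*}"               # drop an appended image digest, if any
  major="${tag%%.*}"
  rest="${tag#*.}"
  minor="${rest%%.*}"
  case "$rest" in                # a bare "1.12" has no patch component
    *.*) patch="${rest#*.}" ;;
    *)   patch=0 ;;
  esac
  patch="${patch%%[!0-9]*}"      # drop pre-release/build suffixes such as -rc1
  for n in "$major" "$minor" "$patch"; do
    case "$n" in ""|*[!0-9]*) echo "unparseable"; return 2 ;; esac
  done
  # Everything before the 1.11 line is older than both fixes.
  if [ "$major" -lt 1 ] || { [ "$major" -eq 1 ] && [ "$minor" -lt 11 ]; }; then
    echo "vulnerable"; return 1
  fi
  if [ "$major" -eq 1 ] && [ "$minor" -eq 11 ] && [ "$patch" -lt 5 ]; then
    echo "vulnerable"; return 1    # 1.11.x before 1.11.5
  fi
  if [ "$major" -eq 1 ] && [ "$minor" -eq 12 ] && [ "$patch" -lt 1 ]; then
    echo "vulnerable"; return 1    # 1.12.0, the only unfixed 1.12 release
  fi
  echo "patched"; return 0
}

# scan_cluster
# Lists every controller pod with its image tag and verdict, then shows whether
# the admission webhook is still registered. Labels and webhook name are the
# project's conventional ones and are an assumption of this example.
scan_cluster() {
  kubectl cluster-info >/dev/null 2>&1 || return 1
  kubectl get pods -A \
    -l app.kubernetes.io/name=ingress-nginx,app.kubernetes.io/component=controller \
    -o jsonpath='{range .items[*]}{.metadata.namespace}{" "}{.metadata.name}{" "}{.spec.containers[0].image}{"\n"}{end}' |
  while read -r ns pod image; do
    img="${image##*/}"             # strip registry/repository path
    printf '%s/%s %s -> %s\n' "$ns" "$pod" "$image" "$(vuln_status "${img#*:}")"
  done
  echo "admission webhook registrations:"
  kubectl get validatingwebhookconfigurations -o name | grep -i ingress-nginx \
    || echo "  none found (admission controller appears disabled)"
}

# Constructed sample tags so the file runs offline; the verdicts follow the
# fixed versions named in the article.
for t in v1.10.9 v1.11.4 v1.11.5 v1.12.0 v1.12.1 latest; do
  printf '%-10s %s\n' "$t" "$(vuln_status "$t")"
done

if command -v kubectl >/dev/null 2>&1; then
  scan_cluster 2>/dev/null || echo "cluster scan skipped: kubectl could not reach a cluster"
fi
```

A pod reported as `vulnerable` with a webhook still registered is the exposed configuration the article describes; the interim step it mentions, disabling the admission controller, removes that webhook registration until the upgrade can be rolled out.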

It is crucial for organizations utilizing NGINX Controller for Kubernetes to take immediate action to mitigate these vulnerabilities and protect their systems from potential attacks.