
CVE-2025-1974: Critical Unauthenticated RCE Vulnerability in Ingress NGINX for Kubernetes

ingress-nginx maintainers released fixes for multiple vulnerabilities that could allow threat actors to take over Kubernetes clusters. Find Arctic Wolf’s recommendations for CVE-2025-1974.

On March 24, 2025, ingress-nginx maintainers released fixes for multiple vulnerabilities that could allow threat actors to take over Kubernetes clusters. Ingress is a Kubernetes feature that defines how workload Pods are exposed to the network, while an Ingress Controller implements those rules by configuring the necessary local or cloud resources. According to Kubernetes, ingress-nginx is deployed in over 40% of Kubernetes clusters. 

The most severe vulnerability, CVE-2025-1974, is a critical flaw that allows unauthenticated threat actors with access to the Pod network to achieve Remote Code Execution (RCE). The issue stems from the Validating Admission Controller feature in ingress-nginx, where, by default, admission controllers are accessible over the network without authentication. This allows a threat actor to inject an arbitrary NGINX configuration by sending a malicious Ingress object directly to the admission controller. 

A threat actor leveraging CVE-2025-1974 can exploit configuration injection vulnerabilities on the Pod network, enabling them to take over a Kubernetes cluster. Anything on the Pod network can exploit this vulnerability, and when chained with other, less severe vulnerabilities (CVE-2025-1097, CVE-2025-1098, and CVE-2025-24514), it can provide the necessary access to fully compromise the cluster, all without requiring credentials or administrative privileges. 

Recommendation for CVE-2025-1974

Upgrade to Latest Fixed Version

Arctic Wolf strongly recommends that customers upgrade to the latest fixed version. 

Product                    Affected Version                      Fixed Version
Ingress-nginx Controller   Versions prior to 1.12.1 and 1.11.5   1.12.1 and 1.11.5

Please follow your organization’s patching and testing guidelines to minimize potential operational impact. 

Workaround (Optional)

For users unable to upgrade immediately, Kubernetes recommends turning off the Validating Admission Controller feature of ingress-nginx. Instructions for this can be found in the Kubernetes Security Response Committee article. 

To check if your clusters are using ingress-nginx, Kubernetes recommends running the following command with cluster administrator permissions:

kubectl get pods --all-namespaces --selector app.kubernetes.io/name=ingress-nginx
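The following triage script is an added example, not code from Arctic Wolf, Kubernetes or the ingress-nginx project. It wraps the kubectl command above, pulls the controller image tag out of each matching pod, and classifies the tag against the fixed releases named in the bulletin (1.12.1 for the 1.12 line, 1.11.5 for 1.11 and everything older). It also reports whether a ValidatingWebhookConfiguration named ingress-nginx-admission is still registered, which is the default name from the upstream manifests and Helm chart (an assumption; adjust it if your install renames the webhook). Only images whose repository path ends in /controller are classified, so the certgen job images that share the same label are skipped.

```shell
#!/bin/sh
# Added example (not Arctic Wolf's or the ingress-nginx project's code).
# Triage helper for CVE-2025-1974: lists ingress-nginx controller pods,
# reads the controller image tag, and reports whether that tag is older
# than the fixed releases in the bulletin (1.12.1 / 1.11.5). Also reports
# whether the validating admission webhook is still registered.

# Classify a controller version string as AFFECTED, FIXED or UNKNOWN.
# Accepts "v1.11.4", "1.12.0" or "1.11"; anything non-numeric is UNKNOWN.
classify_version() {
  ver="${1#v}"                                  # strip optional leading "v"
  case "$ver" in *[!0-9.]*|"") echo UNKNOWN; return 0 ;; esac
  case "$ver" in [0-9]*) ;; *) echo UNKNOWN; return 0 ;; esac
  major="${ver%%.*}"
  rest="${ver#*.}"
  [ "$rest" = "$ver" ] && rest=""               # bare "1": no minor/patch
  minor="${rest%%.*}"; minor="${minor:-0}"
  patch="${rest#*.}"
  [ "$patch" = "$rest" ] && patch=0             # "1.11": no patch component
  patch="${patch%%.*}"; patch="${patch:-0}"
  if [ "$major" -gt 1 ] || { [ "$major" -eq 1 ] && [ "$minor" -gt 12 ]; }; then
    echo FIXED                                  # newer than both fixed lines
  elif [ "$major" -eq 1 ] && [ "$minor" -eq 12 ]; then
    [ "$patch" -ge 1 ] && echo FIXED || echo AFFECTED
  elif [ "$major" -eq 1 ] && [ "$minor" -eq 11 ]; then
    [ "$patch" -ge 5 ] && echo FIXED || echo AFFECTED
  else
    echo AFFECTED                               # 1.10 and earlier: no fixed release
  fi
}

# Extract the tag from an image reference such as
# registry.k8s.io/ingress-nginx/controller:v1.11.2@sha256:...; prints
# nothing when the reference carries no tag (a registry port is not a tag).
image_tag() {
  img="${1%%@*}"                                # drop the digest, if any
  tag="${img##*:}"
  case "$tag" in
    */*|"$img") echo "" ;;
    *) echo "$tag" ;;
  esac
}

# The check recommended in the bulletin, with one line per pod:
# "<namespace> <pod> <image> [<image> ...]".
list_ingress_nginx_images() {
  kubectl get pods --all-namespaces --selector app.kubernetes.io/name=ingress-nginx \
    -o jsonpath='{range .items[*]}{.metadata.namespace} {.metadata.name} {.spec.containers[*].image}{"\n"}{end}'
}

# Default webhook name from the upstream manifests/Helm chart (assumption).
admission_webhook_present() {
  kubectl get validatingwebhookconfiguration ingress-nginx-admission >/dev/null 2>&1
}

main() {
  list_ingress_nginx_images | while read -r ns pod images; do
    for img in $images; do
      # Only classify the controller image; skip certgen/patch job images.
      case "${img%%@*}" in */controller:*) ;; *) continue ;; esac
      tag=$(image_tag "$img")
      printf '%s/%s %s %s\n' "$ns" "$pod" "${tag:-<untagged>}" "$(classify_version "$tag")"
    done
  done
  if admission_webhook_present; then
    echo "validating webhook ingress-nginx-admission is registered (CVE-2025-1974 exposure path)"
  else
    echo "no ingress-nginx-admission webhook found"
  fi
}

# Only talk to a cluster when explicitly asked, so the functions above can be
# sourced or tested without kubectl being present.
if [ "${INGRESS_CHECK_RUN:-0}" = 1 ]; then
  main
fi
```

Run it against a cluster with INGRESS_CHECK_RUN=1 sh ./ingress-check.sh using a kubeconfig that has cluster administrator permissions. A line ending in AFFECTED means the controller needs the upgrade in the table above; a registered ingress-nginx-admission webhook on an AFFECTED controller means the unauthenticated path described in the bulletin is still reachable from the Pod network until the upgrade or the workaround is applied.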

References 

Wiz Vulnerability Article

Kubernetes Security Response Committee Article

Ingress-nginx release notes
