
The vulnerabilities, assigned five separate CVE identifiers (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, CVE-2025-1974, and CVE-2025-24513), range from critical to medium severity, with the most severe carrying a CVSS v3.1 base score of 9.8.
The research reveals an alarming security landscape: approximately 43% of cloud environments are vulnerable, with over 6,500 clusters exposed—including those belonging to Fortune 500 companies.
The Ingress-NGINX Controller, a widely used Kubernetes component for routing external traffic, includes an admission controller to validate ingress objects.
Researchers found that this admission controller, by default, lacks authentication and is network-accessible. Attackers can exploit this by sending maliciously crafted AdmissionReview requests, injecting arbitrary NGINX configurations during the validation phase.
The vulnerabilities stem from improper sanitization of user-controlled fields, such as the auth-url and auth-tls-match-cn annotations.
For instance, a malformed auth-url annotation could inject rogue NGINX directives, while auth-tls-match-cn abuses regex validation to bypass security checks. "This lack of proper sanitization allows an attacker to inject arbitrary NGINX configuration directives, which get evaluated when nginx -t runs," the Wiz team noted.
From Injection to Full Cluster Compromise
The most severe flaw (CVE-2025-1974) enables RCE by leveraging the ssl_engine directive to load a malicious shared library during configuration testing. Attackers upload the payload via NGINX's client-body buffering feature, exploiting a race condition to retain file access via /proc/. Once loaded, the library executes with the pod's high-privileged service account, granting access to all cluster secrets.

Key vulnerabilities include:
- Auth-URL Annotation Injection (CVE-2025-24514): Allows injection of arbitrary NGINX configuration directives through authentication-related annotations.
- Auth-TLS Match CN Annotation Injection (CVE-2025-1097): Enables configuration injection by manipulating TLS certificate common name matching.
- Mirror UID Injection (CVE-2025-1098): Provides another vector for inserting malicious configuration directives.
- NGINX Configuration Code Execution (CVE-2025-1974): Allows loading of arbitrary shared libraries during configuration testing.
- Auth Secret File Path Traversal (CVE-2025-24513): This flaw stems from improperly handling attacker-provided data in filename generation, potentially allowing malicious actors to manipulate file paths in the Admission Controller.
Mitigation and Recommendations
Wiz strongly recommends immediate action for all Kubernetes administrators:
- Update to Ingress NGINX Controller version 1.12.1 or 1.11.5
- Ensure the admission webhook endpoint is not exposed externally
- Implement strict network policies limiting admission controller access
- Temporarily disable the admission controller if an immediate upgrade is impossible
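As an added example (not code from Wiz or the ingress-nginx project), the following script applies the first and last recommendations as an inventory check: it reads the output of `kubectl get deploy -A -o json`, flags controller images older than the fixed 1.11.5 / 1.12.1 releases, and reports whether each deployment still runs with the admission webhook enabled. The `--validating-webhook` argument name, the image path pattern and the embedded sample JSON are assumptions constructed for this example.

```python
import json
import re

# Constructed sample of `kubectl get deploy -A -o json`, trimmed to the fields used here.
SAMPLE_KUBECTL_JSON = json.dumps({"items": [
    {"metadata": {"name": "ingress-nginx-controller", "namespace": "ingress-nginx"},
     "spec": {"template": {"spec": {"containers": [
         {"name": "controller",
          "image": "registry.k8s.io/ingress-nginx/controller:v1.12.0@sha256:abc",
          "args": ["/nginx-ingress-controller", "--validating-webhook=:8443"]}]}}}},
    {"metadata": {"name": "ingress-nginx-controller", "namespace": "edge"},
     "spec": {"template": {"spec": {"containers": [
         {"name": "controller",
          "image": "registry.k8s.io/ingress-nginx/controller:v1.11.5",
          "args": ["/nginx-ingress-controller", "--validating-webhook=:8443"]}]}}}},
]})

# Minimum patched release per minor line, as stated in the advisory above.
PATCHED = {(1, 11): (1, 11, 5), (1, 12): (1, 12, 1)}
# Assumed image naming pattern for the controller (and its -chroot variant).
IMAGE_RE = re.compile(r"/ingress-nginx/controller(?:-chroot)?:v?(\d+)\.(\d+)\.(\d+)")

def parse_version(image):
    """Return (major, minor, patch) from a controller image reference, else None."""
    m = IMAGE_RE.search(image)
    return tuple(int(x) for x in m.groups()) if m else None

def is_vulnerable(version):
    """True when the version predates the fix for its minor line (1.11.5 / 1.12.1)."""
    if version is None:
        return False
    minor = version[:2]
    if minor in PATCHED:
        return version < PATCHED[minor]
    return minor < (1, 11)  # older minors have no fix; 1.13+ assumed to ship fixed

def audit(kubectl_json):
    """Return one finding per ingress-nginx controller container found in the JSON."""
    findings = []
    for item in json.loads(kubectl_json)["items"]:
        for c in item["spec"]["template"]["spec"]["containers"]:
            ver = parse_version(c.get("image", ""))
            if ver is None:
                continue  # not an ingress-nginx controller container
            webhook_on = any(a.startswith("--validating-webhook=") for a in c.get("args", []))
            findings.append({"namespace": item["metadata"]["namespace"],
                             "version": "%d.%d.%d" % ver,
                             "vulnerable": is_vulnerable(ver),
                             "admission_webhook_enabled": webhook_on})
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_KUBECTL_JSON):
        print(finding)
```

A vulnerable deployment that still has the webhook enabled is the case the advisory's interim mitigations target until the upgrade lands.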
"We are only scratching the surface in reviewing the security of admission controllers," the Wiz research team noted. They highlighted the surprising lack of least-privilege design that ultimately allows potential cluster takeover.
The discovery underscores the critical importance of securing Kubernetes infrastructure. With over 41% of internet-facing clusters running Ingress-NGINX, these vulnerabilities represent a significant potential attack surface for malicious actors.
Kubernetes administrators are urged to conduct immediate vulnerability assessments and apply the recommended mitigations to protect their cloud environments from potential compromise.