9.8 Critical Vulnerabilities in Ingress Nginx


Wiz Research uncovered RCE vulnerabilities (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, CVE-2025-1974) in Ingress NGINX for Kubernetes, allowing cluster-wide secret access.

Our team found a vulnerability in this phase that allows injecting an arbitrary NGINX configuration remotely, by sending a malicious ingress object directly to the admission controller through the network. Finally, the Wiz Runtime Sensor detects zero-day vulnerabilities like IngressNightmare, by continuously monitoring ingress traffic, capturing malicious admission review requests in real-time, and flagging anomalous library loads to prevent similar attacks. Admission Controllers frequently don't require authentication and essentially function as web servers, introducing an additional internal network-accessible endpoint in the cluster.
