Public-facing Kubernetes Clusters At Risk Of Takeover Thanks To Ingress-Nginx Flaw

Cloudy infosec outfit Wiz has discovered serious vulnerabilities in the admission controller component of Ingress-Nginx Controller that could allow the total takeover of Kubernetes clusters – and thinks more than 6,500 deployments of the software are reachable from the internet.

Kubernetes (K8s) clusters are exposed more often than you might think to external HTTP/S traffic, to allow outside access to the applications they run. Putting the cluster admission controller out there, too, doesn't seem a great idea to us, but apparently thousands of them are accessible.

In K8s-talk, allowing external traffic to reach a cluster is known as ingress. Rules about how to handle ingress are defined in ingress objects, and are processed by an ingress controller.

As explained by Kubernetes team member Tabitha Sable on Monday, “an ingress controller uses that definition [an ingress object] to set up local or cloud resources as required for the user’s particular situation and needs.”

“Ingress-Nginx translates the requirements from ingress objects into configuration for Nginx, a powerful open source webserver daemon,” Sable added.

“Then, Nginx uses that configuration to accept and route requests to the various applications running within a Kubernetes cluster. Proper handling of these Nginx configuration parameters is crucial, because Ingress-Nginx needs to allow users significant flexibility while preventing them from accidentally or intentionally tricking Nginx into doing things it shouldn’t."

It looks like Ingress-Nginx doesn’t handle them properly.

According to Wiz researchers, validating those configs before they reach Nginx is the job of Ingress-Nginx's admission controller: a validating webhook that the Kubernetes API server calls whenever an ingress object is created or updated.

“When the Ingress-Nginx admission controller processes an incoming ingress object, it constructs an Nginx configuration from it and then validates it using the Nginx binary,” Wiz’s wonks wrote. “Our team found a vulnerability in this phase that allows injecting an arbitrary Nginx configuration remotely, by sending a malicious ingress object directly to the admission controller through the network.”

That is to say, a miscreant needs to be able to reach a vulnerable Ingress-Nginx admission controller to pull off the attack described this week by Wiz.

When the admission controller attempts to validate a malicious ingress object, “the injected Nginx configuration causes the Nginx validator to execute code, allowing remote code execution (RCE) on the Ingress-Nginx Controller’s pod.”

It gets worse: the admission controller runs inside the Ingress-Nginx controller pod, whose service account can read Secrets in every namespace, and it is reachable over the network by design, because the API server has to call it. Code executed by the Nginx validator therefore inherits both, and could run riot.

“Exploiting this flaw allows an attacker to execute arbitrary code and access all cluster secrets across namespaces, that could lead to complete cluster takeover,” Wiz’s researchers wrote.

Wiz, which is being absorbed by Google, reckons more than 6,500 publicly accessible Kubernetes installations expose vulnerable, exploitable admission controllers, some operated by Fortune 500 companies. They can't all be honeypots.

Five flaws, fixes available, workarounds possible

The good news is that Wiz disclosed this mess to the developers overseeing Kubernetes in December 2024 and January 2025, and that fixes for five CVEs – collectively dubbed IngressNightmare by Wiz – were issued on March 10, with the details under embargo until now.

Ingress-Nginx Controller versions 1.12.1 and 1.11.5 fix the flaws, and are available from the project's releases page.
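The first check, then, is which controller image each cluster is actually running. The following shell script is an added example, not code from Wiz or the ingress-nginx project: it parses the controller image tag, compares it against the fixed 1.11.5 and 1.12.1 releases, and, when kubectl can reach a cluster, lists the controller pods, the ingress-nginx-admission webhook registration and the ingress-nginx Services. The pod labels it selects on are the ones the upstream manifests set; the handling of digest-only image references and the assumption that every release after 1.12 carries the fix are marked in the code. Without a cluster it runs the same classification over a constructed sample.

```shell
#!/bin/sh
# Added triage script (not from Wiz or the ingress-nginx project). Answers two
# questions: is the running controller at or above the fixed versions
# (1.11.5 / 1.12.1), and is the admission webhook still registered and exposed.
# Assumptions: controller pods carry the upstream labels
# app.kubernetes.io/name=ingress-nginx and app.kubernetes.io/component=controller,
# and minor releases after 1.12 were cut after the fix.

# "registry.k8s.io/ingress-nginx/controller:v1.12.0@sha256:..." -> "1.12.0"
image_version() {
  v=${1##*/}; v=${v%%@*}                # drop repository path and digest
  case $v in *:*) v=${v#*:} ;; esac     # strip "name:" when a tag is present
  v=${v#v}
  case $v in
    [0-9]*.[0-9]*) printf '%s\n' "$v" ;;
    *) printf 'unknown\n' ;;            # digest-only reference or unparsable tag
  esac
}

# Exit 0 when the image is a version that carries the IngressNightmare fixes.
is_patched() {
  ver=$(image_version "$1")
  [ "$ver" != unknown ] || return 1     # cannot judge a digest-only image by name
  oldifs=$IFS; IFS=.; set -- $ver; IFS=$oldifs
  major=$1; minor=${2:-0}; patch=${3:-0}
  patch=${patch%%[!0-9]*}               # "1-rc1" -> "1"
  case "$major$minor$patch" in *[!0-9]*|'') return 1 ;; esac
  [ "$major" -gt 1 ] && return 0
  [ "$major" -lt 1 ] && return 1
  [ "$minor" -ge 13 ] && return 0       # assumption: later minors include the fix
  [ "$minor" -eq 12 ] && [ "$patch" -ge 1 ] && return 0
  [ "$minor" -eq 11 ] && [ "$patch" -ge 5 ] && return 0
  return 1
}

# Read "namespace pod image" lines (kubectl output or a constructed sample) and
# print one verdict per controller pod.
classify_pods() {
  while read -r ns pod image; do
    [ -n "$image" ] || continue
    if is_patched "$image"; then verdict=patched; else verdict=VULNERABLE; fi
    printf '%s %s/%s %s\n' "$verdict" "$ns" "$pod" "$(image_version "$image")"
  done
}

live_audit() {
  kubectl get pods -A \
    -l app.kubernetes.io/name=ingress-nginx,app.kubernetes.io/component=controller \
    -o jsonpath='{range .items[*]}{.metadata.namespace} {.metadata.name} {.spec.containers[0].image}{"\n"}{end}' \
    | classify_pods
  # The webhook only matters to an attacker while it is registered and its
  # Service is reachable from outside the cluster; show both for review.
  kubectl get validatingwebhookconfigurations ingress-nginx-admission --ignore-not-found
  kubectl get svc -A -l app.kubernetes.io/name=ingress-nginx -o wide
}

if command -v kubectl >/dev/null 2>&1 && kubectl cluster-info >/dev/null 2>&1; then
  live_audit
else
  echo "no cluster reachable; classifying a constructed sample instead:"
  printf '%s\n' \
    'ingress-nginx ingress-nginx-controller-7d4c registry.k8s.io/ingress-nginx/controller:v1.12.0@sha256:0000' \
    'edge ingress-nginx-controller-9f1a registry.k8s.io/ingress-nginx/controller:v1.11.5' \
    | classify_pods
fi
```

A VULNERABLE verdict means the pod still needs the upgrade; an "unknown" version means the image is pinned by digest only, so resolve the digest against the registry rather than trusting the name. A controller that is patched but still registered as a webhook is fine; the webhook exists in the fixed releases too.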

The bad news is that not every Kubernetes user acts on security notifications. And the worst of the five flaws - CVE-2025-1974 – is rated 9.8 on the ten-point Common Vulnerability Scoring System (CVSS).

The other flaws also deserve your attention.

CVE-2025-1097 is rated 8.8/10, and so are CVE-2025-1098 and CVE-2025-24514.

The fifth flaw, CVE-2025-24513, scored a mere 4.8.

Now that the flaws are public, Wiz suggests upgrading as soon as possible but also recognizes not everyone can do that because K8s clusters run mission-critical apps that can’t easily be taken down for a fix.

If that’s you, Wiz recommends enforcing strict network policies so that only the Kubernetes API server can reach the admission controller, and temporarily disabling the admission controller component of Ingress-Nginx until you can upgrade. ®
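Both stop-gaps, spelled out as an added example that is not Wiz's or the ingress-nginx project's own code. Assumptions: the controller runs in the ingress-nginx namespace with the upstream labels, its validating webhook listens on container port 8443, and CONTROL_PLANE_CIDR is a placeholder for the address range the API server connects from, which you must replace with your own.

```shell
#!/bin/sh
# Added example (not from Wiz or the ingress-nginx project): stop-gaps for a
# cluster that cannot upgrade yet. Assumptions: the controller runs in $NS with
# the upstream labels and its webhook on containerPort 8443; the API server
# reaches the webhook from CONTROL_PLANE_CIDR, a placeholder you must replace.
NS=${NS:-ingress-nginx}
CONTROL_PLANE_CIDR=${CONTROL_PLANE_CIDR:-192.0.2.0/24}   # placeholder (documentation range)

# Option 1: keep the webhook, but let only the control-plane range reach 8443.
# Selecting the pod in a NetworkPolicy denies everything not listed, so the
# public HTTP/HTTPS ports the controller serves must be re-allowed explicitly.
webhook_networkpolicy() {
  cat <<EOF
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: ingress-nginx-admission-lockdown
  namespace: $1
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: ingress-nginx
      app.kubernetes.io/component: controller
  policyTypes:
  - Ingress
  ingress:
  - ports:                       # traffic the controller exists to serve
    - protocol: TCP
      port: 80
    - protocol: TCP
      port: 443
  - from:                        # admission webhook: control plane only
    - ipBlock:
        cidr: $2
    ports:
    - protocol: TCP
      port: 8443
EOF
}

# Option 2: switch the validating webhook off entirely until the upgrade.
# Without it a bad Ingress is rejected later, at reload, instead of at
# admission; the controller keeps serving traffic.
disable_webhook() {
  kubectl delete validatingwebhookconfiguration ingress-nginx-admission --ignore-not-found
  # Helm installs (assumed release/chart names):
  #   helm upgrade ingress-nginx ingress-nginx/ingress-nginx -n "$1" \
  #     --reuse-values --set controller.admissionWebhooks.enabled=false
  # Manifest installs: edit the controller Deployment or DaemonSet and remove
  # the --validating-webhook* arguments so the 8443 listener goes away as well.
}

if command -v kubectl >/dev/null 2>&1 && kubectl cluster-info >/dev/null 2>&1; then
  # Server-side dry run first; drop --dry-run once the policy has been reviewed.
  webhook_networkpolicy "$NS" "$CONTROL_PLANE_CIDR" | kubectl apply --dry-run=server -f -
else
  echo "no cluster reachable; manifest that would be applied:"
  webhook_networkpolicy "$NS" "$CONTROL_PLANE_CIDR"
fi
```

Two checks before relying on option 1: the cluster's CNI must actually enforce NetworkPolicy (the object is accepted silently otherwise), and on managed control planes the webhook call may arrive through a proxy or tunnel agent rather than from the API server's own address, so confirm where webhook connections really come from before picking the CIDR. Add any other ports the controller pod serves, such as metrics, to the first rule. Option 2 removes the exposed listener outright at the cost of admission-time validation.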
