Threat Advisory – Critical Kubernetes Vulnerabilities Require Immediate Patching

Description

Recent research has revealed four significant remote code execution vulnerabilities in the Kubernetes Ingress Nginx Controller. Successful exploitation could give attackers unauthorized access to all secrets in a Kubernetes cluster, potentially leading to a complete cluster takeover. These issues presently affect around 43% of Kubernetes clusters that are accessible via the internet.

Impact

These vulnerabilities (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, CVE-2025-1974) pose a severe security threat, with a CVSS score of 9.8/10. Attackers can execute remote code, compromise workloads, and access critical data. In many cases, the Pod network is accessible to cloud VPC workloads or even corporate networks, heightening the risk.

Recommendations

  • Immediate Action: Update to Ingress Nginx Controller versions 1.12.1, 1.11.5, or 1.10.7.
  • Access Restrictions: Ensure the admission webhook endpoint is not publicly exposed.
  • Mitigation Measures: If updates are not immediately possible, enforce strict network policies so that only the Kubernetes API server can reach the admission controller. Temporarily disable the admission controller if it is not needed.
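As an added example (not part of this advisory), the following POSIX shell script checks whether a deployed controller image tag is at or above the fixed releases listed above; the kubectl label selector is assumed to be the upstream ingress-nginx default and may need adjusting for your deployment.

```shell
#!/bin/sh
# Added example, not part of the advisory: decide whether an ingress-nginx
# controller image tag is at or above the fixed release for its minor line
# (1.12.1 / 1.11.5 / 1.10.7, as listed in the Recommendations).

# is_patched TAG
#   returns 0 if TAG carries the fix, 1 if it is an affected release,
#   2 if the tag cannot be parsed or is on a minor line the advisory
#   does not list (treat as "verify manually").
is_patched() {
  tag=${1#v}                         # "v1.12.1" -> "1.12.1"
  IFS=. read -r major minor patch <<EOF
$tag
EOF
  patch=${patch%%[!0-9]*}            # "1-rc" -> "1"
  case "$major$minor$patch" in
    *[!0-9]*) return 2 ;;            # non-numeric component
  esac
  [ -n "$major" ] && [ -n "$minor" ] && [ -n "$patch" ] || return 2
  [ "$major" -eq 1 ] || return 2
  case "$minor" in
    12) [ "$patch" -ge 1 ] ;;
    11) [ "$patch" -ge 5 ] ;;
    10) [ "$patch" -ge 7 ] ;;
    *)  return 2 ;;
  esac
}

# Live check (requires kubectl against the target context). The label
# selector is the upstream ingress-nginx default and is an assumption;
# adjust it if the controller was deployed with different labels.
check_cluster() {
  kubectl get pods -A \
    -l app.kubernetes.io/name=ingress-nginx,app.kubernetes.io/component=controller \
    -o jsonpath='{range .items[*]}{.spec.containers[*].image}{"\n"}{end}' |
  while read -r image; do
    ref=${image%%@*}                 # drop any @sha256:... digest
    tag=${ref##*:}                   # text after the last colon
    if is_patched "$tag"; then
      printf 'patched: %s\n' "$image"
    else
      rc=$?
      printf 'REVIEW:  %s (rc=%s)\n' "$image" "$rc"
    fi
  done
}
# Usage: . ./check_ingress_nginx.sh && check_cluster
```

Any image reported as REVIEW with rc=2 is on a version line not covered by the advisory's fixed releases and should be checked against the project's release notes.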

Reference

Kubernetes Patch: 43% of Clusters Face Remote Takeover Risk

For further assistance, contact us at info@accorian.com or schedule an appointment via our Calendly link.

Threat Advisory
Team Accorian