Full Report
Frequently asked questions about five vulnerabilities in the Ingress NGINX Controller for Kubernetes, collectively known as IngressNightmare.BackgroundThe Tenable Security Response Team (SRT) has compiled this blog to answer Frequently Asked Questions (FAQ) regarding IngressNightmare.FAQWhat is IngressNightmare?IngressNightmare is the name given to a series of vulnerabilities in the Ingress NGINX Controller for Kubernetes, an open source controller used for managing network traffic in Kubernetes clusters using NGINX as a reverse proxy and load balancer.What are the vulnerabilities associated with IngressNightmare?The following CVEs are associated with IngressNightmare:CVEDescriptionCVSSv3CVE-2025-1097Ingress NGINX Controller Configuration Injection via Unsanitized auth-tls-match-cn annotation8.8CVE-2025-1098Ingress NGINX Controller Configuration Injection via Unsanitized Mirror Annotations8.8CVE-2025-1974Ingress NGINX Admission Controller Remote Code Execution9.8CVE-2025-24513Ingress NGINX Controller Auth Secret File Path Traversal Vulnerability4.8CVE-2025-24514Ingress NGINX Controller Via Unsanitized Auth-URL Annotation8.8When was IngressNightmare first disclosed?Public disclosure of IngressNightmare happened on March 24 when news outlets, such as The Hacker News, began reporting on these vulnerabilities. At the time those articles were published, no patches were yet available from the Kubernetes team nor had a blog been published by the researchers who discovered these flaws.How critical are the IngressNightmare vulnerabilities?Based on the CVSS scores for these vulnerabilities, three are categorized as high severity, one is categorized as medium severity and one is categorized as critical severity.The most severe flaw, CVE-2025-1974, requires an unauthenticated remote attacker to be able to access the admission controller, a component in the Ingress NGINX Controller that has more privileged access within a Kubernetes cluster.Are the IngressNightmare vulnerabilities part of a toxic combination?Yes, the five vulnerabilities that make up IngressNightmare can be chained together as part of a toxic combination (or exploit chain). Successful exploitation of these flaws would grant an attacker the ability to access cluster secrets, which could result in a cluster takeover.Was this exploited as a zero-day?No, these vulnerabilities were reported to Kubernetes through coordinated disclosure.Is there a proof-of-concept (PoC) available for these vulnerabilities?As of March 24, there are no public proof-of-concept exploits for any of the five CVEs associated with IngressNightmare.Are patches or mitigations available for IngressNightmare?Yes, on the evening of March 24, the Kubernetes team published two fixed versions of Ingress NGINX Controller:Affected productAffected versionsFixed versionIngress NGINX Controller1.12.01.12.1Ingress NGINX Controller1.11.4 and below1.11.5Additionally, customers can use the following command to determine if clusters are using ingress-nginx:kubectl get pods --all-namespaces --selector app.kubernetes.io/name=ingress-nginxFor more specific information about mitigation steps, please refer to the Kubernetes blog.Does this also affect the NGINX Ingress Controller?No, while the names may sound similar, IngressNightmare does not affect the NGINX Ingress Controller from F5.Has Tenable released any product coverage for these vulnerabilities?A list of Tenable plugins for these vulnerabilities will be available on the individual CVE pages as they’re released:CVE-2025-1097CVE-2025-1098CVE-2025-1974CVE-2025-24513CVE-2025-24514Our Plugins Pipeline displays all available plugins for these vulnerabilities, including upcoming plugins, as they are added.Additional coverage is being investigated by Tenable Research and this blog post will be updated accordingly.Get more informationIngress-nginx CVE-2025-1974: What You Need to KnowIngressNightmare: Vulnerabilities in Ingress NGINXJoin Tenable's Security Response Team on the Tenable Community.Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.
Analysis Summary
# Vulnerability: IngressNightmare Vulnerability Series (CVE-2025-1097, -1098, -1974, -24513, -24514)
## CVE Details
- CVE ID: CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514
- CVSS Score: N/A (Multiple CVEs, specific scores not provided in the context)
- CWE: N/A
## Affected Systems
- Products: Ingress NGINX (Specific product details beyond "Ingress NGINX" are not provided in this snippet, but CVE-2025-1974 is linked to Ingress-nginx).
- Versions: N/A (Specific vulnerable versions are not detailed in this excerpt).
- Configurations: Implied to affect Ingress NGINX deployments, likely within Kubernetes environments. It explicitly **does not** affect the F5 NGINX Ingress Controller.
## Vulnerability Description
This summary covers multiple vulnerabilities grouped under the "IngressNightmare" series affecting the Ingress NGINX component. Technical details for the specific flaws (e.g., type of bug, underlying mechanism) are not provided in this FAQ excerpt, but they collectively represent security flaws within the Ingress NGINX software that warrant remediation.
## Exploitation
- Status: Unknown based on this document.
- Complexity: N/A
- Attack Vector: N/A
## Impact
- Confidentiality: N/A
- Integrity: N/A
- Availability: N/A
*(Note: Specific impact ratings for the five CVEs could not be determined from the provided text.)*
## Remediation
### Patches
The article does not list specific patch versions. Users must consult the individual CVE pages or vendor advisories for specific patch releases.
### Workarounds
No specific workarounds are mentioned in this FAQ excerpt besides the implication that remediation involves patching the affected Ingress NGINX component.
## Detection
- Indicators of Compromise: Zero specific IoCs are provided.
- Detection methods and tools: Tenable plugin coverage for these vulnerabilities will be available on the respective CVE pages (linked below). Users can monitor the [Tenable Plugins Pipeline](https://www.tenable.com/plugins/pipeline) for updates.
## References
- Vendor advisories:
- Kubernetes Blog Post for CVE-2025-1974: hXXps://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974/
- Wiz Blog Post on IngressNightmare: hXXps://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities
- Tenable CVE Links:
- CVE-2025-1097: hXXps://www.tenable.com/cve/CVE-2025-1097/plugins
- CVE-2025-1098: hXXps://www.tenable.com/cve/CVE-2025-1098/plugins
- CVE-2025-1974: hXXps://www.tenable.com/cve/CVE-2025-1974/plugins
- CVE-2025-24513: hXXps://www.tenable.com/cve/CVE-2025-24513/plugins
- CVE-2025-24514: hXXps://www.tenable.com/cve/CVE-2025-24514/plugins