CVE-2025-1974
ingress-nginx admission controller RCE escalation
A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
kubernetes · ingress-nginx
Public PoCs found — 26
github  github.com/Esonhugh/ingressNightmare-CVE-2025-1974-exps  ★ 97
github  github.com/sandumjacob/IngressNightmare-POCs  ★ 90
github  github.com/yoshino-s/CVE-2025-1974  ★ 53
github  github.com/zwxxb/CVE-2025-1974  ★ 7
github  github.com/hi-unc1e/CVE-2025-1974-poc  ★ 4
github  github.com/Rubby2001/CVE-2025-1974-go  ★ 1
github  github.com/I3r1h0n/IngressNightterror  ★ 1
github  github.com/rjhaikal/POC-IngressNightmare-CVE-2025-1974  ★ 1
github  github.com/dttuss/IngressNightmare-RCE-POC  ★ 1
github  github.com/chhhd/CVE-2025-1974  ★ 1
github  github.com/iteride/CVE-2025-1974  ★ 0
github  github.com/gunyakit/CVE-2025-1974-PoC-exploit  ★ 0
github  github.com/BoianEduard/CVE-2025-1974  ★ 0
github  github.com/zsxen/CVE-2025-1974  ★ 0
github  github.com/zsxen/cve-2025-1974-lab  ★ 0
github  github.com/yanmarques/CVE-2025-1974  ★ 0
github  github.com/m-q-t/ingressnightmare-detection-poc  ★ 0
github  github.com/0xBingo/CVE-2025-1974  ★ 0
github  github.com/tuladhar/ingress-nightmare  ★ 0
github  github.com/zulloper/CVE-2025-1974  ★ 0
github  github.com/salt318/CVE-2025-1974  ★ 0
github  github.com/abrewer251/CVE-2025-1974_IngressNightmare_PoC  ★ 0
github  github.com/Armand2002/Exploit-CVE-2025-1974-Lab  ★ 0
github  github.com/BiiTts/POC-IngressNightmare-CVE-2025-1974  ★ 0
exploitdb  www.exploit-db.com/exploits/52338  unverified
cve_reference  www.exploit-db.com/exploits/52475  unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.