Security Advisory: Ingress-NGINX Kubernetes Vulnerabilities
Date Issued: March 25, 2025
Severity: Critical
Status: Active
Note: Status reflects current understanding at the time of advisory issuance.
Overview
Recent research has identified critical vulnerabilities in the Ingress-NGINX controller, a widely used component for managing external traffic in Kubernetes clusters. These vulnerabilities could allow attackers to bypass security controls, escalate privileges, or disrupt cluster operations.
For full technical details, refer to the original analysis by Wiz: Ingress-NGINX Kubernetes Vulnerabilities.
Details
Affected Component: Ingress-NGINX, an ingress controller for Kubernetes
Vulnerabilities: Misconfigurations and design flaws in default setups may expose clusters to risks such as unauthorized access, data leakage, or denial-of-service attacks.
CVE Identifiers:
CVE-2025-1097
CVE-2025-1098
CVE-2025-1974
CVE-2025-24513
CVE-2025-24514
Scope: The admission controller must be accessible to an attacker for the vulnerabilities to be exploitable.
Impact: Exploitation could compromise sensitive workloads, expose internal services, or destabilize cluster availability.
Affected Versions
Traceable SaaS customers are not affected, as Traceable does not use the Ingress-NGINX controller.
Traceable OnPrem customers with publicly exposed admission controllers are at risk and must immediately upgrade to version 1.20.2, available here.
Recommended Action
Customers using Traceable OnPrem with publicly exposed admission controllers should update immediately.
For any upgrade-related assistance or questions, contact Traceable Support at support@traceable.ai.