On March 24, 2025, a series of several critical vulnerabilities (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974) were disclosed in the ingress-nginx Controller for Kubernetes, collectively termed IngressNightmare. These vulnerabilities could lead to a complete cluster takeover by allowing attackers unauthorized access to all secrets stored across all namespaces in the Kubernetes cluster.
Leave a Reply