Mar 25, 2025, 12:00 AM

Serious vulnerabilities threaten public Kubernetes clusters worldwide

Highlights
  • Wiz has discovered serious vulnerabilities in the Ingress-Nginx Controller that could lead to total takeover of Kubernetes clusters.
  • Over 6,000 deployments are at risk, as many Kubernetes clusters are exposed to external traffic.
  • Organizations using Kubernetes should implement the recommended patches and security measures immediately.
Story

In late 2024 and early 2025, Wiz, a cloud security firm, identified significant vulnerabilities in the admission controller component of the Ingress-Nginx Controller used in Kubernetes clusters. These vulnerabilities could enable attackers to take over Kubernetes clusters, putting thousands of deployments that are currently reachable from the internet at risk. The admission controller plays a central role: it validates incoming ingress objects and translates them into configuration for Nginx, which is widely used to serve web applications. When this validation step is flawed or misconfigured, the consequences can be severe, including remote code execution (RCE).

The vulnerabilities discovered by Wiz, collectively known as IngressNightmare, were formally disclosed to the developers overseeing Kubernetes in December 2024 and January 2025. Five CVEs were assigned; the most severe, CVE-2025-1974, is rated 9.8 out of 10 on the Common Vulnerability Scoring System (CVSS), a rating that underlines the seriousness of the flaws and the urgency of addressing them. Others, such as CVE-2025-1097 and CVE-2025-1098, received a rating of 8.8, indicating that they too could be exploited if left unpatched.

On March 10, 2025, fixes for these vulnerabilities were released: versions 1.12.1 and 1.11.5 of the Ingress-Nginx Controller address the flaws. Experts recommend enforcing strict network policies to restrict access to the admission controller component, and advise temporarily disabling the admission controller if the fixes cannot be applied immediately. Because Kubernetes clusters are frequently exposed to HTTP/S traffic for outside access, this situation has critical implications for the security of many applications running on them.
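As an added illustration that is not part of the article or of the ingress-nginx project, the following POSIX shell script takes an inventory of container image references and classifies each ingress-nginx controller image against the fixed releases the article names (1.12.1 and 1.11.5). It generalizes slightly: any release at or above 1.12.1 is treated as carrying the fix, and on the 1.11 line 1.11.5 or later is. The image name `registry.k8s.io/ingress-nginx/controller`, the `kubectl` inventory command in the comment, and the sample tags (including the digest suffix) are assumptions and constructed data, not values taken from the article.

```shell
#!/bin/sh
# Added example, not from the article or the ingress-nginx project.
# Classifies ingress-nginx controller image tags against the fixed releases
# the article names (1.12.1 on the 1.12 line, 1.11.5 on the 1.11 line).
# Assumption: any release at or above 1.12.1 carries the fix; on the 1.11
# line, 1.11.5 or later does. Everything else is reported as vulnerable.

# Reduce an image reference to a bare major.minor.patch version:
#   registry.k8s.io/ingress-nginx/controller:v1.11.3@sha256:... -> 1.11.3
tag_version() {
  v=${1%%@*}           # drop any @sha256:... digest suffix
  v=${v##*:}           # keep the text after the last colon (the tag)
  v=${v#v}             # drop a leading "v"
  case "$v" in
    *.*.*) ;;          # already major.minor.patch
    *.*)   v="$v.0" ;; # major.minor only: treat as patch 0
  esac
  printf '%s\n' "$v"
}

# version_ge A B: return 0 when dotted numeric version A >= B, else 1.
version_ge() {
  a1=${1%%.*}; r=${1#*.}; b1=${r%%.*}; c1=${r#*.}
  a2=${2%%.*}; r=${2#*.}; b2=${r%%.*}; c2=${r#*.}
  [ "$a1" -gt "$a2" ] && return 0
  [ "$a1" -lt "$a2" ] && return 1
  [ "$b1" -gt "$b2" ] && return 0
  [ "$b1" -lt "$b2" ] && return 1
  [ "$c1" -ge "$c2" ]
}

# image_status IMAGE: print patched, vulnerable or unknown for one image ref.
image_status() {
  v=$(tag_version "$1")
  case "$v" in
    ""|*[!0-9.]*) echo unknown; return 0 ;;   # e.g. "latest" or a bare digest
  esac
  if version_ge "$v" 1.12.1; then
    echo patched
  elif [ "${v%.*}" = "1.11" ] && version_ge "$v" 1.11.5; then
    echo patched
  else
    echo vulnerable
  fi
}

# Constructed sample inventory (the digest is a placeholder, not a real one).
# On a live cluster the same list can be produced with (assumed command):
#   kubectl get pods -A -o jsonpath='{range .items[*]}{.spec.containers[*].image}{"\n"}{end}'
SAMPLE_IMAGES='registry.k8s.io/ingress-nginx/controller:v1.11.3
registry.k8s.io/ingress-nginx/controller:v1.12.1@sha256:deadbeef
registry.k8s.io/ingress-nginx/controller:v1.11.5
registry.k8s.io/ingress-nginx/controller:v1.10.6
registry.k8s.io/ingress-nginx/controller:latest
docker.io/library/nginx:1.27'

# Report only ingress-nginx controller images; other images are skipped.
printf '%s\n' "$SAMPLE_IMAGES" | while IFS= read -r img; do
  case "$img" in
    */ingress-nginx/controller:*) printf '%-11s %s\n' "$(image_status "$img")" "$img" ;;
    *) ;;
  esac
done
```

Images reported as `unknown` (floating tags such as `latest`, or digest-only references) need to be resolved to a concrete release before they can be judged; a script like this is a triage aid for spotting controllers that still need the upgrade, not a substitute for applying it.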
Overall, the identification of these vulnerabilities creates substantial concern regarding the state of Kubernetes security, especially with thousands of deployments remaining at risk. As web services increasingly rely on Kubernetes for scalable application management, the ramifications of such vulnerabilities could lead to severe breaches if organizations fail to respond adequately. Security experts urge immediate action for those affected.
