Cloud Security

Unauthenticated RCE possible with critical Ingress NGINX flaw


Nearly 43% of cloud environments could be compromised in unauthenticated remote code execution attacks stemming from the exploitation of five critical security flaws impacting the Ingress NGINX Controller for Kubernetes, collectively dubbed IngressNightmare, reports The Hacker News.

Attackers leveraging the auth-url annotation injection bug, tracked as CVE-2025-24514; the auth-tls-match-cn annotation injection vulnerability, tracked as CVE-2025-1097; the mirror UID injection flaw, tracked as CVE-2025-1098; and the NGINX configuration code execution issue, tracked as CVE-2025-1974, could obtain secrets across Kubernetes cluster namespaces and eventually hijack targeted clusters, an analysis from Wiz revealed. Such an intrusion could be facilitated by using NGINX's client-body buffer capability to upload a payload masquerading as a shared library to the pod before delivering an AdmissionReview request containing configuration directive injections to the admission controller, said Wiz researchers. Organizations have been urged to immediately upgrade to Ingress NGINX Controller versions 1.12.1, 1.11.5, or 1.10.7 to mitigate potential compromise.
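The practical first step for a defender is to find every ingress-nginx controller running in a cluster and check its image tag against the fixed versions the article names (1.12.1, 1.11.5, 1.10.7). The script below is an added example written for this page, not code from the article, Wiz, or the ingress-nginx project. It parses the JSON shape that `kubectl get pods -A -o json` produces, using a small constructed sample embedded inline so it runs offline. The branch rules are assumptions: any 1.10/1.11/1.12 tag below the corresponding fix version is flagged as vulnerable, branches newer than 1.12 are assumed to postdate the fixes, and older branches with no fix listed are treated as unpatched. A tag that is not a semantic version (for example `latest`) is reported as unknown rather than guessed at.

```python
"""Audit ingress-nginx controller images against the IngressNightmare fix
versions named in the article. Added example; not the project's own tooling."""
import json
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# Fixed releases per branch, as stated in the article.
FIXED: Dict[Tuple[int, int], Version] = {
    (1, 12): (1, 12, 1),
    (1, 11): (1, 11, 5),
    (1, 10): (1, 10, 7),
}

_TAG_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_version(image: str) -> Optional[Version]:
    """Extract (major, minor, patch) from an image reference such as
    'registry.k8s.io/ingress-nginx/controller:v1.11.2@sha256:...'.
    Returns None when the tag is missing or not a semantic version."""
    ref = image.split("@", 1)[0]            # drop any digest suffix
    last = ref.rsplit("/", 1)[-1]           # 'controller:v1.11.2'
    if ":" not in last:                     # registry:port without a tag
        return None
    match = _TAG_RE.match(last.rsplit(":", 1)[1])
    if not match:
        return None
    major, minor, patch = (int(x) for x in match.groups())
    return (major, minor, patch)


def is_patched(version: Version) -> bool:
    """True if the version is at or above the fix for its branch.
    Assumption: branches newer than 1.12 postdate the fixes; branches older
    than 1.10 have no fixed release listed and are treated as unpatched."""
    branch = version[:2]
    if branch in FIXED:
        return version >= FIXED[branch]
    return branch > (1, 12)


def audit_pods(pods_json: str) -> List[dict]:
    """Walk a 'kubectl get pods -A -o json' document and classify every
    container whose image is an ingress-nginx controller."""
    findings = []
    for pod in json.loads(pods_json).get("items", []):
        meta = pod["metadata"]
        for container in pod["spec"].get("containers", []):
            image = container["image"]
            if "ingress-nginx/controller" not in image:
                continue
            version = parse_version(image)
            if version is None:
                status = "unknown"
            else:
                status = "patched" if is_patched(version) else "VULNERABLE"
            findings.append({"namespace": meta["namespace"], "pod": meta["name"],
                             "image": image, "version": version, "status": status})
    return findings


# Constructed sample in the shape kubectl emits; the digest is a placeholder.
SAMPLE_PODS_JSON = json.dumps({"items": [
    {"metadata": {"namespace": "ingress-nginx", "name": "ingress-old"},
     "spec": {"containers": [{"name": "controller",
              "image": "registry.k8s.io/ingress-nginx/controller:v1.11.2@sha256:" + "0" * 64}]}},
    {"metadata": {"namespace": "ingress-nginx", "name": "ingress-new"},
     "spec": {"containers": [{"name": "controller",
              "image": "registry.k8s.io/ingress-nginx/controller:v1.12.1"}]}},
    {"metadata": {"namespace": "edge", "name": "ingress-latest"},
     "spec": {"containers": [{"name": "controller",
              "image": "registry.k8s.io/ingress-nginx/controller:latest"}]}},
    {"metadata": {"namespace": "default", "name": "web"},
     "spec": {"containers": [{"name": "app", "image": "nginx:1.27"}]}},
]})

if __name__ == "__main__":
    for f in audit_pods(SAMPLE_PODS_JSON):
        print(f"{f['status']:10} {f['namespace']}/{f['pod']}  {f['image']}")
```

Against a live cluster, pipe `kubectl get pods -A -o json` into `audit_pods` instead of the sample. Treat an `unknown` result as needing a manual check, since a floating tag such as `latest` gives no evidence of which release is actually running.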
