The Kubernetes project has released patches for 5 vulnerabilities in a widely used, popular component called the Ingress NGINX Controller, which is used to route external traffic to Kubernetes services. If exploited, the flaws could allow attackers to completely take over entire clusters.
“Based on our analysis, about 43% of cloud environments are vulnerable to these vulnerabilities, with our research uncovering over 6,500 clusters, including Fortune 500 companies, that publicly expose vulnerable Kubernetes ingress controllers’ admission controllers to the public internet — putting them at immediate critical risk,” wrote researchers from cloud security firm Wiz who found and reported the issues.
Collectively dubbed IngressNightmare by the Wiz research team, the vulnerabilities are tracked as CVE-2025-1097, CVE-2025-1098, CVE-2025-24514 and CVE-2025-1974. They were fixed in versions 1.12.1 and 1.11.5 of Ingress NGINX Controller (Ingress-NGINX), released on Monday.