The Kubernetes project has released patches for five vulnerabilities in a widely used component called the Ingress NGINX Controller, which routes external traffic to Kubernetes services. If exploited, the flaws could allow attackers to completely take over entire clusters.
“Based on our analysis, about 43% of cloud environments are vulnerable to these vulnerabilities, with our research uncovering over 6,500 clusters, including Fortune 500 companies, that publicly expose vulnerable Kubernetes ingress controllers’ admission controllers to the public internet — putting them at immediate critical risk,” wrote researchers from cloud security firm Wiz, who found and reported the flaws.
Collectively dubbed IngressNightmare by the Wiz research team, the vulnerabilities are tracked as CVE-2025-1097, CVE-2025-1098, CVE-2025-24514 and CVE-2025-1974. They were fixed in versions 1.12.1 and 1.11.5 of Ingress NGINX Controller (Ingress-NGINX), released on Monday. A fifth flaw, tracked as CVE-2025-24513, was also identified and patched in these releases.
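A check against the fixed versions named above, as an added example that is not from the article or the Kubernetes project: it classifies controller image references from an inventory as patched, unpatched or unrecognised. It assumes images follow the `ingress-nginx/controller:<version>` naming, that any release older than the fixed version on its branch (and every older branch) is unpatched, and it runs on a constructed sample list.

```python
import re

# Fixed releases named in the article, keyed by (major, minor) branch.
FIXED = {(1, 11): (1, 11, 5), (1, 12): (1, 12, 1)}

# Tag of a controller image reference: optional registry prefix, optional
# "v", optional trailing @sha256 digest. Pre-release tags do not match.
IMAGE_RE = re.compile(
    r"(?:^|/)ingress-nginx/controller:v?(\d+)\.(\d+)\.(\d+)(?:@.*)?$"
)

def parse_version(image):
    """Return (major, minor, patch) for a controller image, else None."""
    m = IMAGE_RE.search(image)
    return tuple(int(x) for x in m.groups()) if m else None

def is_patched(version):
    """True if the version is at or above the fixed release for its branch."""
    fixed = FIXED.get(version[:2])
    if fixed is not None:
        return version >= fixed
    # Assumption: branches newer than those named include the fixes,
    # older branches received none.
    return version[:2] > max(FIXED)

def audit(images):
    """Classify image references as patched, unpatched or unrecognised."""
    report = {"patched": [], "unpatched": [], "unrecognised": []}
    for image in images:
        version = parse_version(image)
        if version is None:
            report["unrecognised"].append(image)
        elif is_patched(version):
            report["patched"].append(image)
        else:
            report["unpatched"].append(image)
    return report

# Constructed sample input, standing in for an image inventory export.
SAMPLE_IMAGES = [
    "registry.k8s.io/ingress-nginx/controller:v1.11.5",
    "registry.k8s.io/ingress-nginx/controller:v1.12.0@sha256:<digest>",
    "registry.k8s.io/ingress-nginx/controller:v1.10.1",
    "registry.k8s.io/ingress-nginx/controller:v1.12.1",
    "docker.io/library/nginx:1.27.4",
]

if __name__ == "__main__":
    for status, items in audit(SAMPLE_IMAGES).items():
        print(status, items)
```

Anything reported as unrecognised (custom builds, pre-release tags, re-tagged mirrors) needs a manual version check rather than being treated as safe.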